THE VOICE OF IT MANAGEMENT 


Users Rush to Plug 
Microsoft’s Holes 


Fears of new worms, 
fast release of exploit 
code spur action by IT 


BY JAIKUMAR VIJAYAN 
The availability of code capa- 
ble of exploiting a critical vul- 


nerability in Windows 2000 — | 


just one day after the flaw was 
disclosed as part of Microsoft 
Corp.’s monthly security up- 
dates last Tuesday — lent 


Data on Interex Members 
For Sale to Highest Bidder 


BY PATRICK THIBODEAU 
The trustee overseeing the 
now-defunct Interex user 
group’s remaining assets plans 
to sell its membership database 
to the highest bidder to help 
satisfy the demands of the 
group’s creditors, according to 
a bankruptcy court notice. 
Interex claimed about 
100,000 members before clos- 
ing down in July and then fil- 
ing for Chapter 7 bankruptcy 
protection the following 
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urgency to efforts by IT man- | 
agers to patch their systems 
as quickly as possible. 

For instance, the American 
Red Cross, which in August 
saw traffic on its networks be- 


worm, was already deploying 
Microsoft’s latest patches last 
week, according to Ron Bak- 
larz, chief information securi- 
ty officer at the Washington- 
based relief organization. 

“We have dramatically im- 
proved our procedures to im- 
prove on our patch implemen- 
tation time,” Baklarz said 
without elaborating. He added 

Holes, page 70 


month in U.S. Bankruptcy 
Court for the Northern Dis- 
trict of California. The court 
notice about the upcoming 
sale of the membership data- 
base was dated Oct. 5, but 
news of the plan just reached 
some former members of the 
independent Hewlett-Packard 
Co. user group last week. 
According to the court fil- 
ing, trustee Carol W. Wu has 
received an offer of $15,000 for 
Interex, page 16 





NEWSPAPER 


UMTI 
PERIODICALS 
PO BOX 1346 


VeLasdbacdevest MM esssPaseralbestbeabectallactorll 
SBXBBIF THRRKAEEKEERARAUTORAS-DIGIT 48106 
#0234945/CB/7# CW200542 


a62 6251 





ANN ARBOR MI 48166-1346 


PAGE 22 


COMPUTERWOR 


WWW.COMPUTERWORLD.COM 


_ OCTOBER 7, 2005 « VOL 


KNOWLEDGE CENTER STORAGE 


elements in their storage 
architectures. We evaluate 
four technologies to see if 
they really simplify the job. 
Stories begin on page 51. 


Drowning in data? 
Get our new Executive Briefing on storage management strategies. 


ENRICO VARRASSO 


Execs Use Services Model to Reshape IT Units 


Data center managers credit ITIL for helping to 
make their operations more effective, efficient 





BY PATRICK THIBODEAU 

CHICAGO 

Several years ago, the state of 
the help desk at GuideStone 
Financial Resources could be 
summed up by what end users 
called it: “the helpless desk.” 


| Not only was the moniker un- 
| flattering, it reflected linger- 


ing system problems that hurt 
the investment management 
firm’s employee productivity. 
With that in mind, the IT 
department at Dallas-based 
GuideStone, which is owned 
by the Southern Baptist Con- 





vention, turned to the Infor- 
mation Technology Infrastruc- 
ture Library standard. One of 
the driving goals of ITIL is to 
reshape IT operations into a 
services model by spelling out 





service levels and detailed 
processes for delivering, 
managing and supporting 
technology. 

Proponents say the standard 
can help cut IT costs and im- 
prove alignment with business 
units, which may explain the 
interest in it among IT man- 
agers at a conference held 
here last week by AFCOM, an 
Orange, Calif.-based profes- 
sional association that focuses 
on data center issues. 

Dawn Sawyer, operations 
manager at GuideStone, said 
that she began implementing 
ITIL processes four years ago 
and that the work is still in 

ITIL, page 72 
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Obviously, great minds 
think alike. 
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analysts and customers upgrading your current BI software, talk to SAS about our proven successes. 
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Business in the Driver’s Seat 


In the Technology section: Here’s how soft- 
ware tools that optimize projects, processes 
and assets are aiding in IT governance 
efforts. Page 31 





a nap Revival 


In the Management section: When the dot- 
coms busted, IT R&D tanked too, but IT 
professionals like Ford’s Vijay Sankaran are 
coming back with a tight focus, a new culture | 


and a business-oriented mission. Page 43 


OPINIONS 


> 10 On the Mark: Mark Hall 
reports that rising fuel prices 
appear to be putting down- 
: ward pressure on overall IT 
Novell and IBM jointly offera : budgets. 
new way of licensing Linux 
for blade servers. 





VMware bumps up CPU 
support, automation in its 
server virtualization software. 


26 Don Tennant isn’t surprised 
when IT vendors try to use 
the media for their own pur- 
poses. But he wonders why 
some in the media allow 
themselves to be used. 


Cisco enters the application 
acceleration market with two 
new lines of appliances. 


An Ireland health agency 
halts the rollout of two SAP 
ERP systems, igniting a politi- 
cal firestorm in that country. 


26 Michael H. Hugos sees a 
rhythm to corporate life set 
by the four quarters, much as 
farmers work to the rhythm 


The Pentagon’s logistics of the seasons. 
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Battling ey 


Storage resource 
management, virtu- | 
alization, object- 

based storage and 

data classification 

tools are supposed to help you 


defeat the complexity monster. 


Do they really? 


Virtual Unity. By creating one big 
pool of storage, virtualization can 


help you manage 
data growth and 


agency still has an inadequate 


information security program, 


according to a GAO report. 


Sarbanes-Oxley compliance 
efforts are increasingly rely- 
ing on technology. 


Q&A: Computer Associates 
CEO John Swainson discusses 
his first year on the job and 
how he’s changing the ven- 
dor’s corporate culture. 


Spreadsheet use is reined in, 
thanks to new products that 
give control back to IT. 
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40 Douglas Schweitzer doesn’t 
care how state-of-the-art your 
security technology is. Apathy 
and ignorance on the part of 
users have to be combatted if 
your security strategies are 
going to be successful. 


48 Barbara Gomolski thinks that 
for IT to be run like a busi- 
ness, it needs to start gather- 
ing relevant information by 
using the same kinds of tools 
it offers other business units. 


Frankly Speaking: Frank 
Hayes says a report showing 
no relationship between R&D 
and business performance 
could just as well be talking 
about IT and business qa. 
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smooth out capaci- 
ty crunches. Alber- 
to Cruz Natal, tech- 
nical manager at 
Hunterdon Medical 
Center, moved the 
community hospital 
to a centralized 

storage architecture via a SAN 

and a high-end Shark array. 


Decluttered Data. The demands 
of compliance and legal discovery 
drew the first adopters to object- 
based storage, yet companies with 
large stores of digital assets are 
now reaping the benefits, too. 


Watchful Eye. Storage resource 
management offers a single win- 
dow into the storage network, 
making it possible to measure 
the performance of any piece of 
equipment. 


Cleaning Out 

the Attic. Data 

classification 

tools tag data 

prior to back- 

up and use a 

policy engine 

to determine how to store it based 
on its importance to the business, 
freeing up primary storage. 


Opinion: Forget trying to get con- 
trol over all the mobile data stor- 
age devices inside your company. 
What you need to do is get control 
of the data, says columnist Mark 
Hall. 


SILLY STORAGE 


STORIES. Every- 


body has storage 
problems, but you 


can always find 


room on your hard : 


drive for these 
funny anecdotes 
collected from the 
IT front lines by 


IT storage needs 
for your next 
presentation. 
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WEBCAST. in this 


presentation from 
the Storage Net- 
working World 
Spring 2005 event, 
Sasan Hamidi, 
chief information 
security officer 

at Interval Inter- 


national, discusses : 


protocols, security 
standards and 


other initiatives 
related to grid 


computing. 
© Quicklink a7210 


EXECUTIVE 
BRIEFING. 
Companies are 
drowning in data 
and dealing with 
pressing questions 
about managing it. 
Get practical ad- 
vice on how to ap- 
proach the new 
storage paradigm. 
© QuickLink a7320 
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Microsoft to Help 
Nigeria Fight Crime 
Microsoft Corp. has signed an 
agreement with the Nigerian gov- 
ernment to help its law enforce- 
ment agencies break up crime 
rings that use the Internet for 
fraud and theft. Microsoft will 
work with Nigeria’s Economic and | 
Financial Crimes Commission, 
created two years ago to address 
Internet crime, money laundering 
and corruption. 


Symantec Patches 
NetBackup Flaw 


Symantec Corp. has patched a 
critical vulnerability in its Veritas 
NetBackup software that could 
be used to seize control of an 
unpatched system. A bug in the 
Java authentication service could 
be exploited using specially craft- 
ed commands. The bug was dis- 
closed by A.D. Consulting Ltd.’s 
French Security Incident Re- 
sponse Team. 


HP Recalls 135,000 
Defective Batteries 


Hewlett-Packard Co. has recalled 
about 135,000 lithium-ion re- 
chargeable battery packs after 
several melted or charred laptop 
casings. The battery, made by 

a third-party vendor that HP 
wouldn’t identify, is used in the 
HP Pavilion, Compag Presario, 
HP Compaq and Compag Evo 
laptops. HP received 16 reports 
of batteries overheating. 


Palm, RIM to Jointly 
Release New Device 


Palm Inc. and Research In Motion 
Ltd. plan to announce today the 
BlackBerry Connect for Palm Treo 
650. The jointly developed hand- 
held system will ship in early 
2006. The device, which will run 
the Palm Garnet operating sys- 
tem, will push e-mail and calen- 
dar functions to BlackBerry 
users. The new system also gives 
IT shops the option of offering 
users Treo devices instead of 





BlackBerries. 
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VMware Upgrade Will Double 
CPU Support, Automate ‘Tasks 


Dynamic reallocation, load balancing 
on tap for server virtualization software 





BY PATRICK THIBODEAU 
MWARE INC. plans 
to release new ver- 
sions of its flagship 
server virtuaiization 

products in next year’s first 

quarter, doubling the number 
of processors supported by its 

ESX Server software to four 

and adding a set of automation 

features. 

The upgraded releases of 
ESX Server and VMware’s Vir- 
tualCenter software, which are 
typically purchased together, 
are scheduled to be detailed 
this week at VMware’s user 
conference in Las Vegas. 

Brian Byun, vice president 
of products at the Palo Alto, 
Calif.-based subsidiary of 
EMC Corp., said last week that 
the new software will be able 
to monitor physical servers 
and automatically reallocate 
virtual machines to other sys- 
tems in the event of any fail- 
ures. That function, called the 
Distributed Availability Ser- 
vice, is designed to ensure that 
applications can continue to 
run without intervention by 
systems administrators. 

Also included is a feature 
called Distributed Resource 
Scheduling, which is intended 
to improve system utilization 
by continuously balancing 
workloads, Byun said. 

The upcoming ESX Server 3 
and VirtualCenter 2 releases 
are in limited testing now and 
should be ready for wider beta 
tests later this year. 


Virtual Opportunities 

The four-way processor sup- 
port and a planned increase in 
memory capacity to 16GB, up 
from 3.5GB, may allow some 


| users to move resource-inten- 


sive applications to virtual 
machines. 

That’s something Doug Baer, 
a systems engineer at Desert 
Schools Federal Credit Union 





in Phoenix, is thinking about. 
Baer manages 152 physical 
servers, mostly dual-processor 
x86 machines, and he has vir- 
tualized many of his systems, 
which support about 2,000 
end users. With the increased 
processor support in ESX, it 
may be possible to move the 
credit union’s SQL Server 
database to a virtualized 
environment, Baer said. 
Virtualizing SQL Server 
would also enable him to use 
the automated fail-over capa- 
bilities in VMware’s new re- 
leases. “It will probably give us 
better disaster recovery for 
our SQL Server,” Baer said. 
“With VMware, it’s pretty 





VMware's Plans 
WHAT'S COMING: ESX Server 3 
virtualization software, Virtual- 
Center 2 tools for managing 
DELIVERY SCHEDULE: A public 
beta is due later this year. A com- 
mercial release is expected to be 
ready in Qi of 2006. 


TROP E ARO DOOR ORD EF Ee EEE Hoes 


PRICING: Not finalized. ESX 
and VirtualCenter now start at 
$5,000; existing users on main- 
tenance contracts can get new 
releases at no extra cost. 


much a file copy for disaster 
recovery versus having to re- 
build a machine.” 

Increasing the support in 
ESX to four virtual CPUs “is 
a big deal for VMware cus- 


tomers that have reached the 
end of scalability on their cur- 
rent product,” said Dan Kus- 
netzky, an analyst at IDC. He 
noted that although some vir- 
tualization vendors can sup- 
port up to 16 processors, “very 
few applications would need 
more than two to four proces- 
sors” at this point. 

Jonathan Eunice, an analyst 
at Illuminata Inc. in Nashua, 
N.H., called the planned re- 
leases “a strong upgrade.” Mi- 
crosoft Corp. and the develop- 
ers of the open-source Xen 
software are each trying to 
commoditize basic virtualiza- 
tion capabilities, he said. But 
“that’s something they can only 
do over time, not immediately,” 
he added. “VMware remains 
well in the lead.” @ 57544 





Novell, IBM Take New Tack 
On Blade-Server OS Pricing 


BY CAROL SLIWA 
IBM BladeCenter users will 
get a new chassis-based sub- 
scription option that could 
save them money on their op- 
erating system costs, as long 
as they’re running Novell Inc.’s 
SUSE Linux Enterprise Server 
on all the blades in a chassis. 
The two vendors last week 
jointly announced that a single 
SUSE Linux subscription 
priced at $2,792 will cover the 
maximum of 14 blade servers 
that can be configured in a 
single BladeCenter unit, re- 
gardless of the types and 
quantities of CPUs being used. 
“TI would love it if more ven- 
dors came out with that style 
of pricing,” said Randy Folmes, 
director of information ser- 
vices at Woodbine Entertain- 
ment Group in Toronto. “It’s 
a big job managing licensing 
at a time when we have 30- 
odd servers running different 
operating systems [and] differ- 
ent applications.” 





Woodbine, which operates 
two horse-racing tracks in On- 
tario plus related businesses, 
has eight blades in its Blade- 
Center, running a mix of SUSE 
Linux 8, NetWare 5.1 and Win- 
dows 2000 Server. Folmes ex- 
pects to fill the remaining six 
slots by the end of next year 
and is budgeting for a new 
BladeCenter in 2007. He said 
he’ll consider chassis-based 
subscription pricing for that 
unit, as Woodbine continues 
to move away from NetWare. 


Added Flexibility 
The chassis-based pricing 
gives BladeCenter users flexi- 
bility so they “can buy blades 
and stick them into the rack 
as they need them,” said Al 
Gillen, an analyst at IDC. 
The $2,792 price for the 
chassis-based SUSE Linux 
subscription is exactly eight 
times the $349 cost of a sub- 
scription for a single server 
with up to two CPUs. That 








makes eight blades the break- 
even point for customers opt- 
ing for the new approach. 
Scott Handy, vice president 
of worldwide Linux at IBM, 
noted that blades are often 
used for server consolidation 
and virtualization. He said 
that the single subscription 
fee will apply even if the 14 
blades in a chassis are running 
dozens of SUSE Linux images. 
“Once they license the chas- 
sis, they can deploy any num- 
ber of instances of the operat- 
ing system,” said Ed Anderson, 
vice president of global prod- 
uct marketing at Novell. He 
added that although Novell is 
adopting chassis-based pricing 
with IBM first, it has the right 
to strike similar deals with 
other blade vendors. 
Hewlett-Packard Co. doesn’t 
offer per-chassis pricing on its 
blade units. But it does offer 
bundled licensing under one 
management registration key 
that covers 25 software com- 
ponents, including the operat- 
ing system as well as provi- 
sioning and management 
tools, according to an HP 
spokeswoman. @ 57540 
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Cisco Offers New Devices to 
Boost Performance of Apps 


Vendor adds acceleration appliances 
for data center, branch-office systems 





BY MATT HAMBLEN 
ISCO SYSTEMS INC. 
last week announced 
two sets of appli- 
ances that are de- 
signed to improve application 
performance on data center 
systems as well as ones used 
in corporate branch offices. 

The new products include 
the Application Velocity 
System (AVS), a line of appli- 
cation acceleration, security 
and monitoring appliances for 
the data center that combines 
Cisco-developed hardware 
with software the company 
obtained in its June acquisition 
of FineGround Networks Inc. 

Cisco announced two AVS 
models. The vendor said the 
3120 lets remote users access 
Web-based applications at re- 
sponse times similar to those 
of LANs, while the 3180 moni- 
tors and reports on response 
times networkwide. 

For branch offices, Cisco in- 
troduced three appliances that 
it calls Wide-Area Application 
Engines (WAE). The company 
said the devices will let com- 
panies maintain LAN-like ac- 
cess to applications while con- 
solidating distributed systems 
into central data centers to re- 
duce management costs. 


Streamlining Traffic 
Hy-Vee Inc. has used Fine- 
Ground’s Condenser software, 
which is now part of AVS, for 
three years to cut overall 
frame-relay bandwidth usage 
by 40% for remote intranet 
users, said Brad Styve, a sys- 
tems analyst at the 220-store 
supermarket chain in West 
Des Moines. “The amount of 
data going down the pipe is 


MORE THIS ISSUE 


Cisco rival F5 Networks adds an appli- 
cation-layer firewall to its Big-IP appliances. 
Page 24 





significantly reduced,” he said. 

Condenser runs on a Linux 
server at Hy-Vee, but AVS will 
be sold as a stand-alone, in- 
tegrated product. A Cisco 
spokesman said that will allow 
users to fully integrate the 
AVS technology with the ven- 
dor’s other products, includ- 
ing the WAE appliances. 

Jay Mellman, director of 
product marketing for Cisco’s 
Application Oriented Net- 
working product family, said 
the AVS devices drastically re- 
duce “server chatter” by using 
modifications to conventional 
caching techniques to opti- 
mize data transfers. 





TSI Inc., a maker of preci- 
sion instruments in Shore- 
view, Minn., recently deployed 
three WAE appliances with 
Cisco’s Wide Area File Ser- 
vices technology at its opera- 
tions in the U.K. In coming 
months, the company plans 
to expand by rolling out 
five more WAEs in Sweden, 
Germany and China, said 
IT director Philip St. Ores. 

St. Ores said the main bene- 
fit of the WAEs is that they re- 
duce the amount of IT equip- 
ment needed at remote loca- 
tions, as well as support costs. 

“The financial benefits are 
real in the form of reduction 
in servers, software licenses 
and support time,” he said, 
adding that TSI can now cen- 
tralize its servers and elimi- 





nate domain controllers and 
redundant backup systems at 
the remote sites. 

The market for application 
acceleration products is “ex- 
panding rapidly,” said Rob 


AVS: 
= Can be used with any data center 


applications based on HTML or XML. 


and minimizes the overhead needed 


1 Includes a firewall to help users 
identify and block application-layer 


@ Pricing starts at $34,995 for the 
AVS 3120; $14,995 for the 3180. 





Whiteley, an analyst at For- 
rester Research Inc. He pre- 
dicted that worldwide sales 
will total about $2 billion this 
year, with growth being fueled 
by Web applications and the 
need to use limited branch- 
office space more efficiently. 
All of the new appliances 
are available now, Cisco said. 
The WAE devices are also be- 
ing offered as a module for use 
with Cisco’s family of integrat- 
ed services routers. @ 57543 





Executive Defends Cisco’s Handling of Black Hat Dispute 


BY MATT HAMBLEN 
SAN JOSE 

At the Black Hat USA confer- 
ence in July, Cisco Systems Inc. 
and Atlanta-based Internet 
Security Systems Inc. 

tried to stop security re- 
searcher Michael Lynn, 

until then an ISS em- 

ployee, from giving a 
scheduled talk about a 

flaw in Cisco’s router 
software. The compa- 

nies also prodded Black 

Hat’s organizers to re- 

move Lynn’s slides from the 
conference proceedings, and 
they secured a court injunction 
preventing him from further 
spreading information about 
exploiting the flaw. Jeff Platon, 
vice president of product mar- 
keting for security and applica- 
tion networking technology at 
Cisco, spoke last week with 
Computerworld about Cisco’s 
handling of the Black Hat dis- 
pute, among other topics. 


Has Cisco’s reputation been 
helped or hurt by the events at 
Black Hat? We remain vigilant 


in trying to protect our intel- 

lectual property and fulfilling 

our obligations around full 

and prompt disclosure of vul- 

nerabilities and solutions that 
customers need to re- 
solve any potential risks 
they have with [a] vul- 
nerability. 

So a great example 
was this issue with 
Michael Lynn. This was 
a previously disclosed 
vulnerability with 
patches already out. 

What was inappropriate with 
that issue was the perspective 
of that individual. It would be 
akin to [saying], “Here’s an 
atomic bomb diagram, and I’m 
going to show you some short- 
cuts on how to build one in 
your kitchen.” That was really 
what he did. And it was inap- 
propriate and bordering on 
the criminal, which is why law 
enforcement got involved. 
Those are criminal acts, to ex- 
ploit vulnerabilities with the 
intent to harm. 

So I would summarize by 
saying we remain vigilant in 





fulfilling our obligations to 
customers to ensure that they 
have the highest reliability of 
network-connected systems 
possible. 


But do you think that Cisco's 
image was enhanced or not as 
a result of your handling of the 
Lynn presentation? I think we 
were consistent in terms of 
the proactive nature of early 
disclosure and going out to 
customers and helping them 
with methods to mitigate the 
liability. 


Still, there were news reports 
that Cisco had told people to rip 
the pages out of Lynn’s Black 
Hat presentation, among other 
things. Have you heard any back- 
lash from customers? We've 
had no negative comments 
from customers. I believe cus- 
tomers continue to trust us to 
do the right thing. What hap- 
pened, it is what it is. Were 
there other ways it could have 
been handled? Certainly. But it 
is what it is, and we were try- 
ing to fulfill our obligations. 


What if something like this hap- 
pened again at next year’s Black 
Hat conference, or elsewhere? 
Have you put anything in place 
to change how you'd react? Yes, 
we have a better process in 
place than we had before. 


Different lawyers? We have the 
same people involved. It wasn’t 
so much about our lawyers. It 
was the [public] perception. 
We have a better methodology 
to handle that. The methods 
may change slightly. 


You mentioned that many of 
Cisco’s large customers had 
made the fix to the router soft- 
ware before the Black Hat inci- 
dent. Are there any contractual 
terms that require users to install 
the patches you give them? No, 

I think it’s a “trusted adviser” 
status, where they trust us to 
recommend good, proper con- 
figurations. [But] when we 
make a strong recommenda- 
tion, it’s really not like you 
have a choice. You do really 
need to make this change. 


@ 57517 
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Microsoft Adds 
Portal to Navision 


Microsoft Corp. has released a 
service pack for Navision that in- 
cludes a new portal to the suite of 
business management software. 
Service Pack 1 for Navision 4.0 
adds the Navision Employee Por- 
tal, built from the integration of 
Navision and Windows SharePoint 
Services and SharePoint Portal 
Server. The package also im- 
proves integration with Microsoft 
Office and Microsoft SQL Server. 


AMD Posts Positive 
Financial Results 


Taking advanta se of its technical 
lead over rival intel Corp. in dual- 
core server processor develop- 
ment, Advanced Micro Devices 
Inc. reported better than expected 
third-quarter results. 


AMD BY THE NUMBERS 


ie 


Search Engine Hole 


Google Inc. fixed a security vul- 
nerability on its search-engine 
Web site within days of being told 
about it by Finjan Software Inc. 
The security vendor’s Malicious 
Code Research Center told Google 
of a cross-site scripting vulnera- 
bility that could have allowed a re- 
mote attacker to take over Google 
accounts or deceive users into 
revealing personal information. 


BEA Agrees to Buy 
RFID Tool Maker 


BEA Systems Inc. has agreed to 
purchase privately held Connec- 
Terra Inc. The Cambridge, Mass.- 
based RFID middleware vendor 
makes infrastructure software 
for collecting data from RFID de- 
vices and distributing it for use 
in applications. The software 
treats RFID data as an asset to 
be incorporated into applications 
and business processes. Terms of 
the deal weren’t disclosed. 





www.computerworld.com 


: HOT TECHNOLOGY TRENDS, NEW PRODUCT 
' NEWS AND INDUSTRY BUZZ BY MARK HALL 


Fuel Crunch Puts 
Budget Brakes . . . 


. .. on local travel while pushing pedal to the metal on Web 
conferencing. Genesys Conferencing Inc. in Reston, 
Va., polled about 6,000 of its 50,000 North American 
users and discovered a new reason why traffic on its 
Web- and audio-conferencing system has skyrocket- 


ed 40% in 
the past 12 
months: the 
price of gaso- 
line. Peaking 
petrol prices 
have pushed 
people out of 
their cars 
and in front 
of their PCs 
when they 
need to meet, said Denise 
Persson, executive vice presi- 
dent of marketing at Genesys. 
“Before, Web conferencing 
has been seen as a lower-cost 
alternative to air travel, but 
now it’s also cross-town trav- 
el,” she observes. Persson 
says 25% of those surveyed by 
Genesys last month predicted 
that they’ll further increase 
their use of Web conferenc- 
ing in lieu of driving to local 
meetings. The vast majority 
of those virtual get-togethers 
will be for intracompany con- 
fabs, Persson adds. 

Fred Amoroso, CEO of 
Macrovision Corp. in Santa 
Clara, Calif., agrees that the 
rise in energy costs is having 


PERSSON 
High fuel costs 
boost Web 
Py etc 





an effect on the IT industry. 
But the news isn’t all good, he 
says, pointing to a study by 
Morgan Stanley revealing 
that corporate CIOs have cut 
IT spending growth projec- 
tions for this year from an av- 
erage 4.3% increase in Janu- 
ary to 3.3% as of August. 
Amoroso, who spoke at the 
SoftSummit 2005 conference 
in Santa Clara last week, 
notes that the study blames 
ballooning fuel costs for the, 
er, shrinking growth. 


Packaged software is 
getting whacked. . . 

. .. bya shift inside IT to devel- 
op apps internally. That’s the 
conclusion drawn by Ken 
Berryman, a consultant at 
McKinsey & Co. who also 
spoke at SoftSummit 2005. 
According to Berryman, New 
York-based McKinsey in 1998 
estimated that 31% of busi- 
ness applications were inter- 
nally developed. By 2003, that 
percentage had jumped to 
42%, while packaged apps fell 
from 32% of the mix to 28%, 
he says. Berryman says he 





expects the trend to 
continue because 
there is now “a much 
more standard soft- 
ware stack” for IT, 
including everything 
from middleware to 
network protocols. 
Plus, he says, devel- 
opment tools are 
improving. 


, 


Keep tabs on changes 
to open-source... 

. .. technologies used in your 
app-dev process. Marina del 
Rey, Calif.-based start-up 
Mergere Inc. makes its prod- 
uct debut this week with 


| Maven 2.0, a commercial ver- 


sion of Maven open-source 
software. According to CEO 
Winston Damarillo, Maven 
checks which open-source 
code is used in your applica- 
tions, determines whether it 
has changed and shows the 
dependencies between your 
programs and their open- 
source components. Maven 
2.0 adds features such as the 
Policy Injector tool, which 
lets IT managers define and 
enforce open- 
source devel- 
1 opment poli- 
cies. For exam- 
vietiecm ple, you may 
projects want to use 
tracked by only open- 
NE source code 
covered by 
a particular license and 
Maven 2.0 can make sure 
that’s the case. Annual sub- 
scription pricing for Maven 
2.0 starts at $25,000 per de- 
velopment project. 


Overcome the overload 
of information. . . 

. .. generated by systems data. 
Andrew Lark, chief marketing 
officer at LogLogic Inc. in 
San Jose, claims that a big 
corporate data center can 
annually spew out up to 43TB 
of log-file data from servers, 
routers, firewalls and other 
devices. Lark says those logs 
contain clues to solving many 
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IT problems. But who 
wants to manually 
pore over those files? 
Not you, he’s betting. 
His company’s appli- 
ances, running a new 
LogLogic 3.1 software 
release, can collect 
50,000 log messages 
per second, index the 
data and store up to 
24TB, which you can 
search at your leisure. Speak- 
ing of information overload, 
Lark says that with Version 
3.1, you can create up to 
13,000 custom reports to 
impress your boss. The up- 
grade also includes an Open 
Log Routing feature, which 
lets log data be viewed via 
other management consoles. 
LogLogic 3.1 ships this week; 
the appliances start at $75,000. 


Off-load the desktop 
processing of. . . 

. .. your InCopy and InDesign 
files. Late this fall, Adobe Sys- 
tems Inc. plans to ship its In- 
Design Server CS2 software. 
According to Kiyo Toma, a 
product manager at San Jose- 
based Adobe, the new soft- 
ware will handle the complex 
file check-in synchronization 
process required by Adobe’s 
publishing suite, improving 
performance for end users 
who now have to wait while 
their PCs do 
the work. 
Toma also 
claims that 
the server 
will give 
users contin- 
uous uptime 
of 30 days. 
That might 
not sound 
impressive to 
data center managers, he 
admits. But it should impress 
the publishing world, where 
five days without a server 
reboot is almost magical. 
InDesign Server CS2 runs 
on Windows and Macintosh 
servers. Pricing wasn’t re- 
vealed. @ 57495 
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All IT Systems 


One Service [eam 


For multi-vendor, cross-platform service and support, Fujitsu is the one. 


From mainframes to servers, notebooks, 

and Tablet PCs, no other company provides 

the full spectrum of services to support 
business-critical computing like Fujitsu. 

In addition to our own products, we support 
a variety of platforms such as Sun™, IBM?®, 
and HP plus OS/390°®, UNIX®, Windows 
and Linux environments. We also provide 
services that improve the operation 

of your existing IT investments and 

drive down costs. So, if it's 

critically important to a ClO’s IT 
infrastructure, we service it. 


PRIMEPOWER® Servers 


LifeBook” Notebooks 


PRIMERGY® Servers 


PRIMEQUEST™ Servers 


With more than 30 years of direct 
experience collaborating with our customers 
and aligning their IT and business objectives, 
we've learned what it takes to maintain a 
wide variety of complex, mission-critical IT 
environments—and deliver a higher level of 
service, for multi-vendor, cross-platform 
environments. We provide a single point of 
contact and full accountability to 

reduce the complexity and cost of 

support, streamlining operations to 

offer greater business value. 


To learn more reasons why ClOs entrust their IT systems to Fujitsu, visit 
us.fujitsu.com/computers/services or call 1-800-831-3183. 
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NEWS 


Irish Agency Halts Work on 
Two SAP Application Projects 


Troubled health department payroll 
system nearly $170 million over budget 


BY MARC L. SONGINI 
HE HALTING OF two 
controversial SAP 
AG ERP system roll- 
outs — valued at 

more than $380 million — this 

month has ignited a political 
firestorm in Ireland. 

The Irish Health Service 
Executive (HSE), an oversight 
committee for the national 
health department, suspended 
work on the Personnel, Payroll 
and Related Systems (PPARS) 
project, which was started 10 
years ago to handle payroll 
functions for the unit’s 120,000 
employees. 

Work on the project was 
halted Oct. 6 after numerous 
problems were found in the 
first four regional installations 
in operations that together 
employ 37,000 department 
workers. 

The committee also ceased 
work on another, unrelated 
health department project, the 
Financial Information Systems 
Project (FISP). 

The government hired New 
York-based consulting firm 
Deloitte & Touche LLP to im- 
plement both systems, which 
are based on SAP’s R/3 ERP 
software. 


A Textbook Example 
Critics in Parliament and else- 
where have called both proj- 
ects examples of mismanage- 
ment and waste. “It’s like a case 
study in how not to run a proj- 
ect,” said a spokesman for 
Enda Kenny, the leader of 
Irish opposition party Fine 
Gael. “It’s appalling stuff.” 
Officials have described the 
PPARS application, which 
was further along than FISP, 
as the most complex human 
resources, time management 
and payroll system ever imple- 
mented in Ireland. After being 
launched around 1995, the proj- 
ect was budgeted at $10.7 mil- 





lion and was expected to take 


| three years. After 10 years, the 


expected price tag has rocket- 


| ed to $180 million. 


For this price, Kenny said 
earlier this month, the agency 
could have built a “brand new 
600-bed hospital.” He said the 
system has made widespread 
payroll errors — for example, 


| one staffer was accidentally 


paid $1.2 million. The major 
pilot site for the program — 
St. James Hospital in Dublin — 
also has had numerous payroll 
problems caused by the soft- 
ware, he said. 

Faced with such opposition 
and problems, the HSE decid- 





ed to halt work on the PPARS 
project until it is assured that 
any future investments will re- 
sult in a system that works as 
advertised. 

The FISP project aimed to 
build a single financial and 
materials management system 
that supports current best 
practices. The system, expect- 
ed to cost about $203 million, 
would replace a mishmash of 
legacy systems and processes. 
About $36 million has been 
spent so far on the project, 
which is considered on time 
and on budget. “Nevertheless, 
it is important that the HSE is 
completely satisfied that all 
such systems are adequate 
to its future needs,” said a 
spokeswoman for the HSE. 

The committee has yet to 


Defense Logistics Unit Has 
Weak Security, GAO Says 


Cites inadequate 
training, lack of 
system testing 

BY LINDA ROSENCRANCE 

The Defense Logistics Agency 
isn’t fully protecting its infor- 
mation systems, according to 
a report released last week by 


| the Government Accountabil- 


ity Office. 

The DLA is responsible for 
providing goods such as food, 
fuel, medical supplies and 
spare parts for weapon sys- 
tems to the U.S. Department 
of Defense. In its report, the 
GAO said the logistics agency 
has made some progress in 
implementing key elements of 
its information security pro- 
gram but needs to do more. 

The report credited the 
DLA for establishing a central 
security management group 
and appointing a senior infor- 
mation security officer. But 
the GAO said the agency has 
failed to consistently assess 





the security risks that could 
result from unauthorized ac- 
cess to its systems and the 
improper use, disclosure or 
destruction of data. 

In addition, employees re- 
sponsible for the DLA’s infor- 
mation security program 
haven’t received enough train- 
ing; annual security testing 
and evaluation of management 
and operational controls 
haven’t been done; and plans 
to mitigate known IT deficien- 
cies haven’t been completed, 
according to the GAO. 

Until the DLA addresses the 
security management and 


complete its evaluation and 

| determine the precise cause of 
the problems with the PPARS 
application. However, it has 
been suggested that the com- 
plexity of the project — and of 
the system it was replacing — 
was a definite factor. 

In a statement issued earlier 
this month, Irish Minister of 
Health Mary Harney, to whom 
HSE reports, said her agency 
hadn’t realized the complexity 
of the older payroll system, 
which included “over 2,500 
variations in payment arrange- 
ments across the entire health 
system,” until the PPARS proj- 
ect was well under way. 

“The extent of the incoher- 
ence was not known before 
PPARS implementation work 
commenced,” she said. 





oversight weaknesses and im- 
plements an effective agency- 
wide IT security program, it 
may not be able to protect the 
confidentiality, integrity and 
availability of its systems and 
data. 


Recommendations Made 
The GAO, which completed a 
10-month audit of DLA facili- 
ties in July, outlined 10 steps 
that the agency should take to 
improve its security practices 
and controls. 

The recommendations in- 
clude a call for the DLA to en- 
sure that workers who are in- 
volved in IT security get ade- 
quate training and that the 
training program be moni- 
tored by agency officials and 
updated as needed. 
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contention in Parliament. 


For its part, SAP wouldn’t 
comment directly on the proj- 
ect but said in a statement that 
“the HSE is a highly valued 
customer of SAP Ireland.” A 
spokesman for Deloitte’s Irish 
branch declined to comment 


on the projects. @ 57533 


READ MORE ONLINE 


St. James Hospital in Dublin, a PPARS pilot 
site, wants to abandon the payroll system: 


QuickLink 57532 
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In a written response to the 
GAO, Paul Brinkley, deputy 
undersecretary of defense for 
business transformation, 
agreed with most of the rec- 
ommendations and said the 
DLA is working to address 
them. For example, Brinkley 
wrote that the DLA plans to 
distribute a Defense Depart- 
ment manual with detailed 
guidance on security training. 

However, Defense Depart- 
ment officials disagreed with 
three of the recommendations, 
including the need to annually 
test the effectiveness of secu- 
rity controls for all systems. 
Brinkley said that doing so 
would amount to annual re- 
certification and is neither 
practical nor cost-effective. 

The GAO countered that 
it doesn’t expect the DLA to 
test all of its information- 
assurance controls annually. 
But it said that it does want 
to ensure that the testing ef- 
forts include management, 
operational and technical con- 
trols for every system in the 
agency’s inventory, as required 
by the Federal Information 
Systems Management Act. 


@ 57511 
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FOR DISASTER 
RECOVERY 


The unfortunate fact is disasters happen. 

But ultimately, it’s how fast your business can 
recover that really counts. Providing the leading 
technologies and services like our Business 
Continuity and Disaster Recovery assessments, 
Insight can help you gain greater understanding 
and control of your data, your IT environment and 
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everything you need to keep IT up and running. 
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When Calderon Textiles’ new VP of Operations, Mike Elkin, needed a 7) 
complete understanding of its data infrastructure connecting distributors 

and suppliers around the world, he turned to Insight for a Business Continuity 

Assessment. Insight’s security, infrastructure and disaster recovery experts 

performed a top-to-bottom evaluation of the logical and physical environments 

and provided a complete report that prioritized the risks, issues and resolutions. 
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Intel Unveils First 
Dual-Core Chips 


Intel Corp. has unveiled its first 
dual-core Xeon chips for two- 
and four-processor servers. 
Developed under the code name 
Paxville, the new chips are said 
to be 50% more powerful than 
their single-core predecessors, 
and they cost about 40% more 
than those chips. The version for 
two-chip servers is available im- 
mediately at 2.8 GHz. Dual-core 
Xeon-based systems can now be 
ordered from Dell Inc., Hewlett- 
Packard Co. and IBM. 


Second Beta of 
Firefox 1.5 Ships 


The Mozilla Foundation announced 
that it has released a second 

beta version of the Firefox 1.5 
Web browser in order to focus on 
tackling nagging security issues. 
The Beta 2 release comes just a 
month after Beta 1 shipped. Ver- 
sion 1.5 is Firefox’s first major 
update since the Web browser 
officially debuted last year. 


Mac and iPod Sales 
Set Apple Record 


Apple Computer Inc.’s fiscal 
2005 fourth quarter was the best 
operating period in the company’s 
history - thanks to robust Macin- 
tosh and iPod sales, according to 
the company. 


APPLE BY THE NUMBERS 
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Citrix Adds 64-Bit 
Presentation Server 


Fort Lauderdale, Fla.-based Citrix 
Systems Inc. announced that it 
has released a 64-bit version of 
its flagship product, which it says 
will enable users to significantly 
increase server workloads and re- 
duce hardware needs. The Citrix 
Presentation Server 4.0 for Micro- 
soft Windows Server 2003 x64 
edition can be used to run 64- and 
32-bit applications on a server. 
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NEWS 


More Companies lap 
IT for Sarbanes-Oxley 


Tools can automate controls, processes 


BY THOMAS HOFFMAN 
OMPANIES ARE in- 
creasingly turning to 
technology in their 
Sarbanes-Oxley Act 

compliance efforts in order to 

automate internal controls or 
streamline their activities, ac- 
cording to new research and 
interviews last week with cor- 
porate executives. 

Three of four U.S.-based 
multinationals will be making 
extensive use of IT in Sar- 
banes-Oxley compliance proj- 
ects this year, according to a 
survey of 131 corporations by 
PricewaterhouseCoopers that 
was released last week. 

On the other hand, one-fifth 
of the companies expect to 
make no significant technol- 
ogy changes in efforts to com- 
ply with the legislation’s direc- 
tives, according to the New 





York-based consulting firm. 

FirstEnergy Corp. is one 
company that has utilized 
technology to seize upon the 
opportunities cited by Price- 
waterhouseCoopers. 

Last June, the diversified en- 
ergy company in Akron, Ohio, 
purchased compliance soft- 
ware from Certus Software 
Inc. in Cupertino, Calif., to 
help make its processes “more 
repeatable and less costly,” 
said Alan Michel, FirstEnergy 
manager of internal auditing. 

FirstEnergy just this month 
finished rolling out the soft- 
ware to its internal auditors 
and expects by early 2006 to 
extend it to more than 250 
users, he said. 

Michel said that the combi- 
nation of the technology and 
processes created by the com- 
pany to address Sarbanes- 





Oxley requirements should 
lower the company’s compli- 
ance costs by 20% to 40%. 
Last year, most of First- 
Energy’s compliance activities 
were handled manually using 
a hodgepodge of spreadsheets, 
Word, PowerPoint and Visio 
documents, he said. 


‘Dramatic Decrease’ 
Michel said the Certus tool 
has already led to a “dramatic 
decrease” in the amount of 
time FirstEnergy’s staff needs 
to complete its quarterly com- 
pliance efforts. 

Tempur-Pedic International 
Inc. began implementing com- 
pliance software from Irvine, 
Calif.-based Logical Apps Inc. 
last March “to help us become 
more [Sarbanes-Oxley ]-com- 
pliant,” said Michael Smith, 
vice president of IT at the 
Lexington, Ky.-based maker of 
pillows and mattresses. 

By implementing the com- 
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TT and 
Sarb-Ox 


Selected results of a survey 
of 131 CFOs and managing 
directors that was completed 
in July 2005: 


75% ot respondents expect to 
make significant IT investments 
for Sarbanes-Oxley compliance 
projects. 


10% said a lack of technology 
has been a problem area in Sar- 
banes-Oxley compliance efforts. 


40% said their IT organiza- 
tions respond effectively to re- 
quests to find better ways to sup- 
port compliance processes and 
the controls environment. 


21% said their IT departments 
have been proactive in identifying 
ways to use technology for more- 
effective compliance. 


SOURCE: PRICEWATERHOUSECOOPERS 


pliance software, Smith said 
he hopes to automate as many 
IT controls as possible, “so we 
don’t have to fish through pa- 
perwork to demonstrate seg- 


regation of duties.” @ 57519 





IBM Brings Out Virtual Tape 
Library, SAN Controller 


Linux system is 
the first in a series 
of library releases 


BY LUCAS MEARIAN 

IBM last week unveiled its 
first virtual tape library for 
open systems along with a ma- 
jor upgrade of its TotalStorage 
SAN Volume Controller 
(SVC) virtualization engine. 

SVC Version 3.1, which 
pools storage resources from 
heterogeneous arrays behind 
an appliance, will support up 
to four times more servers — 
as many as 1,024 — than the 
current version and manage 
larger storage networks, 

IBM said. 

The SVC upgrade, which 
ships on Nov. 18, will also let 
users choose among native 
copy functions, which allow 





communication with products 
of other vendors. The upgrade 
is priced from $43,000. 

Dave Samic, senior network 
analyst at FirstMerit Bank NA 
in Akron, Ohio, a user of the 
current SVC version, said he 
expects the updated offering 
to let him expand the storage- 
area network at his operation. 
The First Merit SAN now 
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Starting 
price _ capacity 


$175,000 46TB 


IBM's Virtualization 
Engine TS7510 
Hewlett-Packard’s 
StorageWorks 6510 
Virtual Library System 
EMC’s Clariion 

DL310 

Disk Library 


*Compressed 





$57,194 


$110,000 37TB* 


runs up to 115 virtual servers 
supported by a single IBM 
FAStT700 midrange array be- 
hind the SVC appliance. 

“We're looking at growing 
this SAN. When you have 
servers scattered around the 
building, you add to adminis- 
trative overhead. I’m excited 
to see a new major release like 
this,” Samic said. 

Tony Prigmore, an analyst at 
Enterprise Strategy Group Inc. 
in Milford, Mass., added that 
IBM had little choice but to 
add the native copy capabili- 


Number Number of 
of virtual tape libraries 
drives it can emulate 


512 64 


10TB 64 16 


512 





ties, because users have been 
requesting it. “Now they can 
pass through the storage-array 
data protection and migration 
features [from other ven- 
dors],” he said. 

IBM’s new Linux-based 
Virtualization Engine TS7510 
is the first of what IBM says 
will be a series of virtual tape 
libraries. 

The TS7510 combines hard- 
ware and software to provide 
tape virtualization for Unix- 
and Intel-based servers that 
connect to Fibre Channel 
storage systems. The rack- 
mounted Virtualization En- 
gine server scales to 46TB. 

Prigmore said that although 
IBM entered the virtual tape 
library fray after rivals EMC 
Corp. and Hewlett-Packard 
Co., the company can draw on 


| its enormous server and stor- 


age installed base to sell the 
new product. 

The TS7510 is priced from 
$175,000 and will be available 
on Oct. 28. @ 57515 





MOST EMPLOYEES CAN'T EVEN SEE THEIR DESK 
MUCH LESS WORRY ABOUT ENSURING COMPLIANCE 


Reduce compliance risk and email storage requirements with automated email management. 


Email gives you 35 billion reasons every business day to find a better way to manage it. Email must meet the 
same rigorous compliance mandates as other corporate documents. Inadequate storage, human error, and 
inconsistent policy enforcement put you at risk. FileNet Email Manager with exclusive ZeroClick technology 
automates your entire email management lifecycie — minimizing human interaction, improving productivity and 
mitigating storage needs. It's much more than an archival solution. Together with FileNet Records Manager, 
email can now be fully managed without user interaction or costly infrastructure. The leading choice of global 


enterprises, you won't find a better email management solution anywhere. (We know your employees can't.) 





Learn how to make better decisions, faster. 


Download the Email Management white paper at 
www.filenet.com/emailwp 
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Interex’s customer database 
and mailing list from Genisys 
Corp., a Redmond, Wash.-based 
seller of refurbished HP hard- 
ware. That offer has triggered 
a bidding process that has giv- 
en other interested parties a 
chance to top Genisys’ offer. 
Higher bids of at least $16,500 
must be submitted to Wu by 
Wednesday, the notice said. 
The customer information 
collected by Interex “is valu- 
able data,” said Donna Garver- 
ick, secretary of OpenMPE 
Inc., an HP e3000 user group 
that includes many former In- 
terex members. She noted that 
the database likely includes 
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submitted at the time 
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and/or membership renewal 
may be used by Interex for 
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of Interex products. . . .In 
addition, your name and 
mailing address may be pro- 
vided to a licensed and bond- 
ed third-party mail house for 
one-time use by carefully 
selected HP-centric partner 
companies. 


details about the IT installa- 

| tions of Interex members. 

| Garverick said some of the 
| Interex members she had 
heard from were trying to de- 
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termine whether the user 
group’s bylaws prohibited the 
sale of the membership data. 
Renting the Interex mailing 
list was possible, she said, but 
there were controls on the 
data that could be released. 

There are also concerns 
about what could happen to 
the information collected by 
Interex once it’s sold — such 
as whether it could be resold 
and used by other companies, 
Garverick added. 

According to a cached ver- 
sion of the privacy-policy page 
from Interex’s now-shuttered 
Web site, members could limit 
the use of their e-mail address- 
es by third parties via an opt- 
out process. It aiso notes that 
names and mailing addresses 
could be provided to mailing 


| services firms for use by “HP- 
centric” vendors (see box). 

One former Interex mem- 
ber, who asked that his name 
not be used, said he’s upset 
that some of his personal in- 
formation could be sold to 
Genisys or another bidder. 

“I consider my e-mail ad- 
dress to be confidential,” the 
former member, who lives in 
New Mexico, wrote in an 
e-mail message. “There was a 
moral and ethical obligation 
[for Interex officials] to live up 
to their stated policy on col- 
lecting information on mem- 
bers — i.e., to not sell it or give 
it away. I understand the legal 
arguments that Interex no 
longer exists and that the court 
is in charge. But the court 
should respect that obligation.” 
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Chris Hoofnagle, senior 
counsel at the Electronic Pri- 
vacy Information Center in 
Washington, said that if In- 
terex’s privacy policy was 
silent on the issue of selling 
membership data, there may 
be nothing to stop the bank- 
ruptcy trustee from going 
ahead with the planned sale. 
He added that even in cases 
where policies bar sales of 
data, bankruptcy courts some- 
times override the provisions. 

A request to speak with Wu 
hadn’t been met as of press 
time. The notice about the 
planned sale said that if there is 
more than one bid for the data- 
base, an auction-style sale will 
be conducted by telephone on 
Thursday, starting at the high- 
est submitted bid. @ 57541 





University Turns to iSCSI to Boost 
Storage Without Breaking Budget 


Says upgrading its Fibre Channel system 
would have been too costly, complex 





BY LUCAS MEARIAN 
Coppin State University in Bal- 
timore early this year found 
itself facing a data explosion 
that had overwhelmed its two 
Fibre Channel storage arrays. 

Thus the school’s IT opera- 
tion was forced to find a way 
to supply users with an easy- 
to-manage online storage sys- 
tem that wouldn’t 
break the budget. 

Once that search 
began, the IT 
group saw two 
possible solutions 
to fix the problem. ———7 

One option was to replace its 
two 3-year-old EMC high-end 
Symmetrix Fibre Channel stor- 
age arrays, which were plagued 
with problems due to incom- 
patible switches, with new 
models that support far higher 
capacity. The second option 
was to use Internet SCSI tech- 
nology to add a second stor- 
age-area network. 

The school chose the latter 
option, and since implement- 
ing the SAN in June, Coppin’s 
IT staff has become convinced 
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that IP storage is critical, citing 
its relatively low cost and ease 


| of use. 


The university bought iSCSI 


| SAN technology for the new 


network in June from Left- 
Hand Networks Inc. Officials 
found the $100,000 price a 


| steal compared with the po- 


tential costs of upgrading its 
Fibre Channel in- 
frastructure, said 
Mitch PreVatte, di- 
rector of network 
services at Coppin. 

PreVatte noted 
that he has exten- 
sive support costs for the 
Fibre Channel systems. For 
example, PreVatte said he 
is looking at a $57,000 bill 
from EMC for servicing Cop- 
pin’s SAN to fix problems 
that were caused by the lack 
of compatibility between 
switches from Brocade Com- 
munications Systems Inc. and 
McData Corp. 

PreVatte said the switch 
problems stemmed from a rec- 
ommendation from nPlusOne 
Inc., a services firm in Edin- 


tional news: 
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burgh, that Coppin shift its Fi- 
bre Channel switch suppliers 
from Brocade to McData, citing 
a need for the latter’s high-end 
technology. NPlusOne offi- 
cials couldn’t be reached. 

PreVatte also said that he 
has found the iSCSI technol- 
ogy far less complex than Fi- 
bre Channel. 

“The iSCSI SAN was one 
of the smoothest installs I’ve 
ever done,” PreVatte said. “Fi- 
bre Channel, on the other 
hand, is a complex animal and 
requires a lot of specialized 
knowledge. Installing our Fi- 
bre Channel SAN was just a 
nightmare. We had tons of 
grief and in fact still have tons 
of grief.” 


Market Growth 


According to Gartner Inc., 
Coppin’s iSCSI decision is 
part of a trend. Based on a 
Gartner survey, the consulting 
firm projects that by 2006, 
iSCSI technology will connect 
almost 1.5 million servers to 
SANs, more than any compet- 
ing system. 

Gartner analyst James Opfer 
said iSCSI won't replace Fibre 
Channel in the data center be- 
cause of performance issues, 


but it will continue to grow 
substantially as a server con- 
solidation technology, espe- 
cially for low-end systems. 

PreVatte said Coppin’s 
new iSCSI SAN was installed 
in time to support a special 
project the school rolled 
out in June called Tegrity 
Notes. The program allows 
students to capture class 
notes digitally and then let 
the notes reside with record- 
ings of the class that feature 
audio, video and notes pre- 
sented by the instructor. The 
information is accessible on 

the Internet. 
| Overall, the school requires 
ever-increasing amounts of 
storage to support 1,400 com- 
puters on its data network, 650 
IP-enabled phones and a new 
PeopleSoft deployment that 
eats up 8.6TB of storage space 
on the two Symmetrix arrays, 
PreVatte said. 

PreVatte said the older Sym- 
metrix arrays will continue 
to run Coppin’s transactional 
databases that hold financial, 
human resources and student 
information, but there are no 
plans to add Fibre Channel ca- 
pacity. Any new storage sys- 
tems will be based on iSCSI 
technology, he said. 

“T’ve had no problems with 
reliability of the EMC gear. 
Their storage has been ex- 
tremely reliable,” PreVatte 
| said. “But I’m also dependent 








on outside resources, because 
if something doesn’t do what 
it’s supposed to be doing, I 
need someone who can fix the 


problems.” @ 57535 


Corrections 

THE SIZE of the workforce at 
Allstate Insurance Co. and the 
number of employees who have 
access to voice-over-IP services 
were misstated in a Sept. 26 
News story (“Converged Net- 
work, VoIP Projects Tax IT Man- 
agers”). Northbrook, lll.-based 
Allstate said that information dis- 
closed at a conference was 
wrong and that about 10,000 of 
its 70,000 workers are equipped 
for VolP usage. 

AN ITEM IN THE SECURITY LOG 
in last week's Technology section 
(“Kaspersky Products Hit by Se- 
curity Bug”) didn't include com- 
ments from a statement issued 
by security software vendor 
Kaspersky Lab on Oct. 4. In the 


Virus tool but said it had added a 
package of signatures that detect 
possible exploits of the flaw to 
the software on Sept. 29. That 
significantly reduces the chances 
of successful exploits, the com- 
pany said. The Security Log item 
also misidentified the location of 
Kaspersky's headquarters; the 
company is based in Moscow. 
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Flextronics to Add 2,000 
To Its Indian Workforce 


SINGAPORE 

LEXTRONICS CORP., which makes 
Prine circuit boards and other 

high-tech products on a contract 
basis, plans to hire about 2,000 more 
workers in India by the time it starts 
production at a planned facility in the 
city of Chennai next June. 

The Singapore-based company 
intends to invest $70 mil- 
lion to $100 million in the 
Chennai location over the 
next three to five years, 
according to Peter Tan, 
president and managing 
director of Flextronics’ 
Asian operations. The 
facility will support the 
manufacturing needs of 
local as well as global 
customers, Tan said last 
week. 

On Oct. 6, Flextronics announced 
that it had signed an agreement with 
the state government of Tamil Nadu in 
southern India to set up an industrial 
park in Chennai, the state capital. 

The Flextronics facility will offer 
services such as plastic injection mold- 
ing, circuit-board assembly, distribu- 
tion, logistics and repair. The company 
said the park will also include facilities 
for some of its component suppliers. 

Flextronics currently employs 5,000 
people in India at manufacturing facili- 
ties in Bangalore and Pondicherry and 
at software development and hardware 
design centers in Bangalore, Chennai 
and Gurgaon. 

w JOHN RIBEIRO, IDG NEWS SERVICE 
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Austraiian Conference 
Woos IT Execs to IPv6 


CANBERRA, AUSTRALIA 

CONFERENCE ON Internet Proto- 
A: Version 6 (IPv6) being held 

here in two weeks is aimed at 
convincing IT managers that the next- 
generation technology is ripe for en- 
terprise use and isn’t just for service 
providers and research organizations. 

Paul Davis, CEO of the GrangeNet 

consortium, which built Australia’s 
first IPv6 network, said the inaugural 
Australian IPv6 Summit is “absolutely 
relevant” to corporate IT. The native 
security features and large-numbering 
scheme in IPv6 make it “a new way of 
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doing things” for IT operations, said 
Davis, who is scheduled to speak at the 
conference. 

He added that Australian companies 
need to start using the technology. 
“Everywhere else in the Asia-Pacific 
region, there is extensive IPv6 deploy- 
ment, and we [risk being] left behind,” 
Davis said. 

Other scheduled speakers at the 
conference include Latif Ladid, chair- 


| man of the European Commission IPv6 


Task Force; Mark Evans, 
from the U.S. Navy’s IPv6 
transition project office; 
and Chris Gunderson, ex- 
ecutive director of the 
World Wide Consortium 
for the Grid in Reston, Va. 
The two-day summit, 
which starts Oct. 31, is be- 
ing sponsored by the In- 
ternet Society of Australia 
and the Smart Internet 
Technology Cooperative Research 
Centre in Eveleigh, Australia. 
m RODNEY GEDDA, COMPUTERWORLD TODAY 


Intel to Refocus, Expand 
German Research Lab 


BRAUNSCHWEIG, GERMANY 

NTEL Corp. last week said it plans 
[-: change the focus of work done at 

its semiconductor research lab here 
while expanding the number of re- 
searchers at the facility by 50%. 

Intel’s plan calls for the lab’s engi- 
neering team, which currently designs 
chips for optical networks, to shift its 
primary focus over the next few weeks 
to developing chips with hundreds of 
processing cores, said Mike Cato, a 
spokesman at the company’s German 
headquarters in Feldkirchen. At the 
same time, the research staff will in- 
crease from 100 to 150 people, accord- 
ing to Cato. 

“We aren't planning to discontinue 
our optical networking development 


| work in Braunschweig entirely,” Cato 


said. “But the key focus will be devel- 
opment of many-core chips.” 

The facility will be called the Ger- 
man Microprocessor Lab and used 


1 
solely for pure research, not actual 


product development, Cato said. He 


| added that the lab could expand its re- 


search focus over the next few years. 
“Give us six months to a year, and we'll 
know more by then,” he said. 

w JOHN BLAU, IDG NEWS SERVICE 





Lufthansa Teams up on 
Biometric ID System 


MUNICH 
T THE interairport trade show 
A‘: last week, German airline 
Deutsche Lufthansa AG demon- 
strated a biometric system for con- 
firming the identities of passengers 
during the boarding process. 

The SecBoard system was jointly de- 
veloped by Frankfurt-based Lufthansa 
Systems Group GmbH, the airline’s IT 
services arm, and Bundesdruckerei 
GmbH, a maker of security products 
and systems in Berlin. 

The system includes a registration 
component, where the fingerprints, 


| photos and personal information of 


passengers can be recorded, digitized 
and stored on a smart card along with 
a serial number. Fingerprint checks 
can then be done at a boarding station 
located between check-in counters and 
airport gates, the companies said. 

w JOHN BLAU, IDG NEWS SERVICE 


Symantec Says It’s 
Not Suing Microsoft 


YMANTEC CorP. CEO John 
G tenn last week downplayed 
reports that the security software 
vendor had taken steps toward initiat- 
ing a possible antitrust investigation 
into Microsoft Corp.’s business prac- 
tices by the European Commission. 

The Dow Jones Newswire had re- 
ported that Cupertino, Calif.-based 
Symantec filed an 
informal complaint 
against Microsoft 
with the EC. 

In an interview af- 
ter he gave a speech 
at The Common- 
wealth Club of Cali- 
fornia in San Francis- 
co, Thompson con- 
firmed that Symantec had provided 
documents to the EC, but he dismissed 
the talk of a complaint being filed. 
“We're not involved in any investiga- 
tion,” he said. “We partner with Micro- 
soft. We're not trying to go to court 
with Microsoft by any stretch of the 
imagination.” 

During his speech, Thompson de- 
scribed the relationship between the 
two companies as one of “mutual de- 
pendency.” He said that although Mi- 
crosoft’s full-fledged entry into the se- 
curity software market is inevitable, it 
isn’t “a preordained success.” @ 57476 
mw ROBERT MCMILLAN, IDG NEWS SERVICE 
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Briefly Noted 


Capgemini, a Paris-based IT con- 
sulting firm, has fired its chief oper- 
ating officer for thinking about tak- 
ing another job. COO Pierre Danon 
had applied for - but failed to get - 
a job as the head of hotel chain 
Accor SA, also based in Paris. 
Capgemini said it has no plans to 
replace him in the coming months. 
m PETER SAYER, 

IDG NEWS SERVICE 


Tata Consultancy Services Ltd., 
the largest outsourcing firm in In- 
dia, reported large year-over-year 
Gains in its results for the second 
quarter, which ended Sept. 30. 
Revenue was 29.5 billion rupees 
($670 million U.S.), up 21.4% from 
24.3 billion rupees ($543 million) 
in the same quarter last year. The 
Mumbai-based company’s profits 
grew by 15.5% to 6.7 billion rupees 
($150 million), up from 5.8 billion 
rupees ($130 million). 

w JOHN RIBEIRO, 

IDG NEWS SERVICE 


Infosys Technologies Ltd., India’s 
second-largest outsourcing vendor, 
also reported robust growth in 
revenue and profits for the three 
months that ended Sept. 30. The 
Bangalore-based company’s sec- 
ond-quarter revenue was 23.5 bil- 
lion rupees ($524 million), up 
38.3% from the year-earlier level 
of 17 billion rupees ($379 million). 
Net profit rose 44.2% to 6.2 billion 
rupees ($138 million), from 4.3 bil- 
lion rupees ($97 million). 

w JOHN RIBEIRO, 

IDG NEWS SERVICE 


Ford of Europe, Ford Motor Co.'s 
European arm, has rolled out a 
browser-based electronics parts 
catalog called FordEcat that was 
developed internally and is based 
on software from Burlington, 
Mass.-based Enigma Inc. Ford, 
which previously used outside 
contractors to create its electronic 
catalog, said it expects the new ver- 
sion to cut the time needed to dis- 
tribute auto parts and materials to 
its dealers in Europe and the Middle 
East. The FordEcat system supports 
17 languages and can be accessed 
via the Web or on a CD-DVD. 

@ LINDA ROSENCRANCE 
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Equant Pushes to Win More Network Deals in U.S. | «ts:csone%smpeior wo by 


BY MATT HAMBLEN 

CAMBRIDGE, MASS 

In August, Barbara Dalibard was named 
president and CEO of Amsterdam- 
based network operator Equant BV. 
Dalibard is also an executive 

vice president at Paris-based 
France Telecom SA, which 

bought full ownership of Equant 

in May. After a recent technol- 

ogy demonstration at a facility 
owned by France Telecom here, 


You said that your research investment will 


| double to 2% of expenses in the next year. 
But isn’t 2% low when compared with what | 


software vendors spend? We don’t think 

the same way as a software company, 
perhaps. A lot of our expenses 
are related to operating a net- 
work. We’re ahead of the other 
operators. 


How important is the U.S. market to 
you? Very important. We have 


Dalibard spoke with Computer- already been working with a lot 
world about the company’s ef- of American companies and 


forts to use Equant to become a 
bigger factor in the U.S. telecommunica- 
tions market. Excerpts follow: 


What differentiates you from AT&T and all 
the other network carriers? One of the 
main differentiators we have is global 
reach. We’re everywhere in the world, 
even in places others don’t want to go. 
Second, innovations. We really want to 
be on the leading edge, ahead of the 
pack, working with customers to in- 
vent new kinds of innovations. When 
you look at the amount of money spent 
on research at France Telecom, we’re 
ahead of nearly any telco worldwide. 





have top [executives at mobile 
network unit Orange SA] and Equant 
who are Americans. But it’s a tough 
market for us, as it is for most Euro- 
pean companies. To take the example 
of the enterprise market, we don’t plan 
to do everything by ourselves. We’re 
buying services from SBC, AT&T and 
Verizon, depending on our customers’ 
locations. We cannot be everywhere. 


Do you need to have the best price in com- 
petitive bids to win contracts? Price is re- 
lated to quality. We aren’t aiming at be- 
ing the cheapest-value-quality guy. We 
want to provide the best price for the 





Outsourcing Group Pitches Ethics, 
Contract Management Standards 


BY PATRICK THIBODEAU 

The International Association of Out- 
sourcing Professionals (IAOP) has re- 
leased a code of ethics and a set of 
business-practice standards that are 
designed to help companies improve 
their processes for awarding and man- 
aging outsourcing contracts. 

The standards apply to IT deals as 
well as other forms of outsourcing. 
One of the people involved in the ef- 
fort was Cynthia Kearney, vice presi- 
dent of global pharmaceutical R&D 
sourcing and supplier management at 
Johnson & Johnson Pharmaceutical 
Research & Development LLC in Rari- 
tan, N.J. Kearney said the guidelines, 
which were issued Sept. 26, will give 
the parties in an outsourcing agree- 
ment a common business framework. 

“I think it’s a value-add when you 
have governance upfront,” she said. 
“There is efficiency associated with 
that — the fragmentation isn’t there, 
[and] there aren’t disconnects, be- 
cause there are already some princi- 
ples established to how you conduct 





yourself in dealing with third parties.” 

The standards are general but weigh 
heavily in favor of disclosure, candor 
and the use of objective metrics that 
are agreed on by both sides. 

For instance, the IAOP is asking 
users and vendors “to accurately rep- 
resent the extent of executive support 
for an outsourcing relationship.” 

The Lagrangeville, N-Y.-based orga- 
nization also is calling on companies to 
invest at least 40 hours annually in 
training and professional development 
activities for each employee involved 
in managing outsourcing contracts. 

Mike Corbett, executive director of 
the IAOP, said the group hopes the 
standards will help outsourcing rela- 
tionships succeed, partly by making 
management practices more consistent 
from company to company. 

Kearney said she plans to form a 
committee at Johnson & Johnson to re- 
view the suggested standards and ethi- 
cal practices and incorporate in the 
company’s business procedures any 
that aren’t yet in place. @ 57421 





[market] share by underpricing. But 


highest quality. We manage complexi- our customers want to have a reliable 
ty. It’s not just a basic network link be- network services partner. If in five 

tween two locations. 
The North American market has 


years the carrier dies because of under- 
pricing, that’s not good. @ 57359 
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Full CA Turnaround Could Take 
Three More Years, Swainson Says 


Repairing relationships, changing 
culture is ‘not an overnight transition’ 


BY CRAIG STEDMAN 

FRAMINGHAM, MASS 

John Swainson, president and 
CEO of Computer Associates 
International Inc., is approach- 
ing the one-year anniversary of 
his hiring as the company’s top 
executive last November. At a 
CA facility here last week, 
Swainson spoke with reporters 
and editors from International 
Data Group Inc., Computer- 
world’s parent company. The 
main topic was the status of his 
efforts to revamp the software 
vendor, which was wracked by 
an accounting scandal, govern- 
ment investigations, weak rev- 
enue growth and the ouster of 
former CEO Sanjay Kumar be- 
fore Swainson’s arrival. 


Where do things stand at CA as 
your first year at the company 
comes to an end? I think it’s 
been an interesting year for 
the company. It’s certainly 
been an interesting year for 





me. We feel pretty good about 
where we are. But it’s 

not an overnight tran- 

sition, by any means. 

The timeline I now 

recognize is about a four-year 
timeline, and I really couldn’t 
have that degree of clarity 
when I started. There’s a good 
reason why you go into these 
things a little naive (laughs). 


You said you’ve replaced half of 
CA’s senior executives with out- 
siders, streamlined the company’s 
product strategy, reorganized 
around new business units and 
made changes to the sales force. 
What still needs to be done? The 
first phase was to fix the prob- 
lems. The second phase that 
we’re in now is to set the stage 
for stronger growth. Our IT 
environment was particularly 
weak, which was frankly a big 
surprise coming in here. I ex- 
pected that CA as an IT ven- 
dor would have robust sys- 
tems, and we didn’t and we 





still don’t. The mechanics of 


| installing our new SAP system 
| and a lot of [the other internal 
| changes] will be done in the 


next 12 to 18 months. The 
changing of CA’s culture, 


which to some extent is first 
| about customer relationships 


— those are the long-term 
things. 


You announced the SAP project 
last December. Where does it 
stand now? We are going to do 


| a wholesale [ERP system] re- 


placement, which most people 
don’t do. And we're going to 
do it in less than three years. 
We'll run our old and new sys- 


| tems in parallel over the last 
| two quarters of our fiscal year 


in North America, and then do 


| ° ° . 
| the same thing in Europe. 


Have there been any big pain 
points yet? Nothing that a ma- 
jor amount of money can’t 
help. It is an astonishingly ex- 


| pensive process. No one in 


GA 


their right mind does 
this. You do this when 
you're desperate, and 
we were desperate. 
There was no single source of 
data for anything. And in fact, 
much of the discussion in 
meetings went around whose 
data was more right or less 
wrong. The weak systems also 
got called out in the deferred- 
prosecution deal [that CA 
signed with the federal gov- 
ernment in September 2004] 
as one of the things that con- 


tributed to the problems in the | 


company. The systems were so 
loose that it allowed bad guys 
to get in there and do things 
they shouldn’t have. 


Sanjay Kumar’s trial on charges 
of accounting fraud is coming up. 
Do you expect any fallout from 
that? The trial starts in April, 
and we expect more activity 
around it to start in March. 
There’s not much we can do at 


we've moved 
[customers] from a 
position of outright 
hostility to a posi- 
tion of skepticism - 
perhaps neutral 
skepticism. 


JOHN SWAINSON, PRESIDENT AND 
CEO, COMPUTER ASSOCIATES 


this point. All we can do is tell 
our story and make sure peo- 
ple recognize that these things 
are part of the past. It’s certain- 
ly part of the history of CA, but 
it’s not part of the future. 


You said repairing customer rela- 
tionships was part of the long- 
term process for fixing CA. So that 
| isn’t where you want to see it? 

| Very much so. I hope we've 
moved people from a position 
of outright hostility to a posi- 
tion of skepticism — perhaps 
neutral skepticism. We have to 
demonstrate by what we do, 
not just what we say, that 
we're a partner worthy of do- 
ing business with, and that’s 
going to take some time. Our 
intent is to get our customer- 
satisfaction ratings on our in- 
ternal surveys up to above 
80%, from somewhere below 
70% now. Best of class is 
somewhere between 80% and 
90%, and we have some work 
| to do to get there. 





| ltisn’t just a matter of you and 

| other executives meeting with 
customers? It’s hardly at all 
about us doing that. Me going 
out and saying we’re going to 
be a good partner is interest- 
ing, but it’s really how our 
[sales] team follows up and 
how we act in the marketplace 
that’s important. 


One of the things that Kumar did 
get credit for from IT managers 
when he was CEO was improving 
relations with users. Was that 
overstated? Sanjay did identify 
that there was a problem with 
what I'd call the confronta- 
tional model of dealing with 
customers. The company 
made some progress on that 
but then became so self- 
absorbed with some of the [in- 
ternal] problems that it be- 
came ineffective. Frankly, a lot 
of that momentum was lost. 


What’s happening in your sales 
force? Your first quarter was pret- 
ty turbulent in terms of turnover 
there. It was, but I think we’re 
through some of the turbu- 
lence. On an annualized basis, 
we had about 20% turnover, 
which is high but not exces- 
sive for software companies. 
You typically have 12% to 20% 
turnover, so we were on the 
high end of the range — high- 
er than I'd like to see it, but 
not crazy. I think we’ve made 
good strides in transforming 
the sales organization. The old 
joke used to be that you’d nev- 
er see a CA salesperson until 
three months before your con- 
tract was up for renewal, and 
then he’d show up with his 
hand out. 


CA has started to make acquisi- 
tions again, buying vendors like 
Niku, Netegrity and Concord Com- 
munications. Does your acquisi- 
tion strategy differ from the ap- 
proach CA took in the past? I 
think it’s very different. CA in 
the past made opportunistic 
software acquisitions, and it 
didn’t really seem to matter 
what part of the business they 
were in. To a certain extent, it 
was a random walk through 
the software industry because 
it was more focused on finan- 
cial aspects than on technol- 
ogy or business aspects. I 
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think that strategy served CA 
well for a period of time, but it 
ran out of gas in the mid "90s. 
All of the acquisitions you’ve 
seen us make [in the past 
year], or will see us make, are 
designed to expand our prod- 
uct portfolio or fill a niche 
that we haven't focused on. 


Is it likely that you'll buy more 
companies in the near future? 
Yeah. You saw us do seven 
acquisitions [in the] last year, 
three of them major. That 
probably is a little ahead of 
where I expect to be a year 
from now in terms of the rate. 
I don’t expect to do $1 billion 
worth of acquisitions in the 
next 12 months, but I wouldn't 
be surprised to see us do 

$500 million to $600 million 
worth. In the short term, you 
get the biggest bang for the 
buck [in revenue growth] from 
acquisitions. 


CA went back and forth on holding 
a CA World conference this year. 
Do you think attendance at next 
month’s event will be lower as a 
result? We made a lot of 
changes to CA World — we 
changed the time it’s taking 
place, we changed the struc- 
ture and we made it a fee- 
based conference. I do think 
attendance will be lower rela- 
tive to previous years, maybe 
50% lower. I hope we can at- 
tract more attention to it [in 
the future]. But I think it’s 
probably a good thing for now 
to have it smaller and more fo- 
cused. It gives me a chance to 
speak to an audience in a 
more focused way. 


In terms of changing the culture at 
CA, can’t you just say what the 
new culture is, and that’s that? 
Cultures build as much from 
the bottom up as they do from 
the top down. CA has a cul- 
ture today, but it’s not some- 
thing that anyone thought a lot 
about. It was just something 
that sprouted, and it was dif- 
ferent [in this facility] than it 
was [at company headquar- 
ters]. You can communicate 
what you want it to be, but it’s 
the building it up and rein- 
forcing it that takes time. Peo- 
ple watch what you do, not 
what you say. @ 57466 
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Feds Get Four Bids for 
$20B Telecom Contract 


Networx pact will 
include voice, data 


and video services | 


BY LINDA ROSENCRANCE 

Four major telecommunica- 
tions companies have submit- 
ted initial bids for the U.S. 


government's 10-year telecom- | 


munications services contract, 
known as Networx and poten- 
tially worth up to $20 billion. 


The Networx program is de- | 


signed to provide legacy and 
leading-edge voice, data and 
video services to all U.S. gov- 
ernment agencies. 

The contract has two parts: 
Networx Universal, which 





covers 37 domestic and inter- 
national telecommunications 
services; and Networx Enter- 
prise, which is geared toward 
smaller carriers and designed 
to provide a core set of IP and 
wireless services in particular 
geographic regions. 

The four lead bidders — 
MCI Inc., Sprint Nextel Corp., 
AT&T Corp. and Qwest Com- 
munications International Inc. 
— submitted proposals for the 
universal pact to the U.S. Gen- 
eral Services Administration 
earlier this month. Each is also 
expected to offer proposals for 
the Networx enterprise work. 
Those bids are due today. 

The GSA is expected to take 


How can you be so sure this color printer 
is as dependable as it is affordable? 


ricoh-usa.com/itchannel 


I’m talking Ricoh 
color here, Jerry. 


_ NEWS 


up to a year to review the bids, 
and it could choose more than 


} one winner, said Blake Wil- 


liams, an agency spokesman. 
“We have not determined | 
the precise number of awards | 
for Networx,” he said. “How- 
ever, we anticipate two to 


| three for the universal acquisi- 


| tion and around five for the 


| versal contract and $50 million 


| required to use only Networx 


enterprise acquisition.” 
Although the Networx pro- 
gram is valued at as much as 
$20 billion, the government 
has so far committed to spend 
only $525 million on the uni- 


on the enterprise contract. 
And because agencies aren’t 


| providers, losing bidders 


could still solicit business 
from individual agencies. 
The Networx program will 


| replace a series of contracts 


known as FTS2001, which will 


expire in 2007. MCI and Sprint 


| hold the main FTS2001 pacts. 


Warren Suss, president of 


| Suss Consulting Inc. in Jenkin- 


town, Pa., said the GSA must 


| make sure the winning bidders 
| can deliver a broad range of 


services. “In the government 
arena, unlike in the commer- 


| cial arena, a response that says 
| ‘trust me’ won't fly,” he said. 


Possible Front-runners 


| Suss and Sean Buckley, an ana- 
| lyst at Washington-based Cur- 


rent Analysis Inc., both gave 


| MCI and Sprint an edge in the 
| bidding as incumbent suppli- 
| ers, but agreed that there are 

| no guarantees. 


“MCI is the incumbent,” 


| Suss said. “That’s their strength | 
| going into this. They offer 


agencies the lowest perceived 
risk in terms of transition 
issues.” 
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Buckley added that MCI has 
“served the government since 
the mid 1980s, so obviously 
they have that network reach 
across the world. But that 
doesn’t always mean it’s going 
to be a winner, either.” 

Sprint not only holds part 
of the FTS2001 contract, but 


| also part of its predecessor, 


FTS2000, Buckley noted. 
“Sprint also has a strong wire- 
less play that MCI doesn’t 
have, and Sprint just bought 


| Nextel,” he said. 


Suss and Buckley also gave 
AT&T and Qwest a chance to 
win the Networx contract but 
said that each has more hur- 
dies to overcome than MCI 
and Sprint do. 

Both analysts added that 


| they wouldn't be surprised 
| if the GSA does decide to 


choose more than one win- 


ning bidder. @ 57494 
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NEWS 


Vendors Unveil New 
Supply Chain Software 


Oracle, i2, Lawson 
and SAP plan to 
update tool sets 


BY MARC L. SONGINI 
RACLE CoRP., Law- 
son Software Inc. 


and i2 Technologies | 


Inc. al! have either 
shipped an updated supply 
chain management (SCM) 
system or plan to ship one 
over the next month. 

And SAP AG disclosed last 
week that a new version of its 
SCM offering will ship by the 
end of this year. 

Dallas-based i2 last week 
brought out the third piece of 
its Collaborative Supply Exe- 
cution (CSE) applications — 
the Collaborative Materials 
Management module — that 
will ship with the next version 
of i2’s SCM system, dubbed 
Six.Two, in November. 

The other CSE modules — 
Consolidated Procurement 
and Supply Collaboration/ 


| Lean Replenishment — have 
| been introduced over the past 
| month. The Collaborative Ma- 
| terials Management module 
synchronizes materials plan- 
| ning with purchasing and pro- 
| curement workflows, said 
Sharmistha Dubey, director of 
solutions marketing at i2. 
Together, the new i2 CSE 
| applications are intended to 
better support the company’s 
| so-called closed-loop system, 
which allows a company to 
forecast, execute and measure 
| supply chain processes. 
The upgraded software 
offers tight synchronization 


| among the procurement, re- 

| plenishment, supply planning 
| and collaboration and execu- 
| tion processes, said Dubey. 


The i2 modules will run on 
| top of the company’s Agile 
Business Process platform, 
which will ship in various 
parts through the rest of the 
year. The platform is based on 
a Web services integration 





| architecture, which will let 


| users easily replace i2’s vari- 
ous modules when updates 
come out. 

One user had mixed feelings 
about the rollout. Kevin Bott, 
vice president of supply chain 
solutions and technology ser- 
vices at Miami-based Ryder 
System Inc., said the new 
modules appear to be simply 
a repackaging of older i2 
applications. 


Better Communication 
Bott did say that the new 
integration platform could 
help some users improve com- 
munication among the various 
modules, but he also noted 
that corporate users can get 

| the same benefits from inte 
grated ERP software. 

Oracle’s PeopleSoft Enter- 
prise Supply Chain Manage- 
ment and Supplier Relation- 
ship Management 8.9 modules 
are said to contain 100 en- 
hancements. The new mod- 
| ules began shipping in August. 
The contract management 





Oracle Updates PeopleSoft Financials 


ORACLE announced that it 
started shipping Version 8.9 of 
the PeopleSoft Enterprise Finan- 
cial Management suite. 

Oracle officials said the move 
confirms its promise not to force 
users of the acquired PeopleSoft 
application to migrate to Oracle 
E-Business Suite fli. 

Analysts, however, weren't so 
sure. While the upgrade wili help 
some PeopleSoft customers bet- 
ter handle statutory compliance, 
the product line remains essen- 
tially in a “dead end” mode, said 
Joshua Greenbaum, an analyst 
at Enterprise Applications Con- 
sulting in Berkeley, Calif. 

Greenbaum said he expects 
that Oracle will continue to re- 
lease such regulatory enhance- 
ments, but he doesn’t anticipate 
anew PeopleSoft product based 
on an updated code base. 


Version 8.8 of PeopleSoft 
Enterprise shipped 20 months 
ago, when PeopleSoft was still 
an independent vendor. At that 
time, work had already begun on 
Version 8.9, which shipped on 
Oct. 5, said Rich Rodgers, vice 
president of financial applica- 
tions strategy at Oracle. 

“This release of SCM and 
Financial Management is un- 
changed in scope,” he said. Ora- 
cle hopes that the new version 
will one day help PeopleSoft 
users migrate to Project Fusion, 
the best-of-breed application 
suite that Oracle is developing 
[QuickLink 52089], Rodgers 
said. 

The new version of the finan- 
cial application offers greater 
support for compliance with 
global accounting standards 
and best practices, according 


to Rodgers. For instance, 
Oracle has automated cash- 
flow statement processes to 
help companies comply with 
both international and U.S. 
regulations. 

There is also the new Finan- 
cial Gateway tool, which central- 
izes and streamlines payment 
and receipt processes, Rodgers 
said. 

The new version also offers 
the Enterprise Asset Lifecycle 
Management tool, which is in- 
tended to help companies cost- 
effectively acquire, maintain and 
replace physical assets. 

The new functions are en- 
abled by some of the assets 
obtained from the J.D. Edwards 
portfolio of applications that 
came with Oracle's acquisition 
of PeopleSoft, said Rodgers. 

- Mare L. Songini 





module is a key piece of the 
release, said John Webb, vice 
president of supply chain 
application product strategy at 
Oracle. The tool allows com- 
panies to fully craft and then 
enforce supplier contracts 
more efficiently, he said. 
Meanwhile, Lawson next 


| month plans to extend its Mo- 


bile Supply Chain Manage- 
ment health care tool to other 
industries. The Lawson Re- 
ceiving and Delivery tool lets 
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users track packages automati- 
cally, said a spokesman. 

An SAP spokesman offered 
few details of the SAP SCM 5.0 
upgrade, but he said it will in- 
clude a cross-docking module 
for its warehouse management 
application to boost the speed 
of inventory flow. 

The updated version will 
also add an analytics tool to 


| optimize the planning and ex- 


ecution of service parts inven- 


tory shipments. @ 57484 
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F5 Builds Firewall Into App 
Management Devices 


Big-IP Application 
Security Module 


F5 Networks Inc. 


= PRODUCT SUMMARY: Seat- 
tle-based F5 Networks last week 
announced a software module that 
adds security features to its Big-IP 
line of appliances for managing ap- 
plication traffic and performance. 
The Application Security Module 
(ASM) provides users with an 
application-layer firewall that’s 
designed to protect Web-based 
systems against buffer overflow 
attacks, compromises of access- 
control mechanisms, worms and 
other problems. In addition, cloak- 
ing features are included to conceal 
error messages from end users. 
Erik Giesa, vice president of prod- 
uct management at F5, said the s2- 
curity module will be available on 
the 6400 and 6800 models of the 
rack-mountable Big-IP line. 


USER EXPERIENCE: Blue 
Cross and Blue Shield of Kansas 
City in Missouri will install two Big- 
IP 6400s “any day now” in an at- 
tempt to increase the security of its 
Web applications and help improve 
their performance, said Larry 
Strickland, manager of network en- 
gineering at Blue Cross. Strickland 
hopes that putting the application 
firewall inside the Big-IP appli- 
ances will help him avoid having to 
run and manage it separately. 
“We've got a really complicated 
DMZ,” he said, pointing to the need 
for increased simplicity within the 
health insurer's network security 
setup. Blue Cross has used two 
previous Big-IP models and has 


F5 Networks’ new 
Big-IP appliance 


seen “consistent application per- 
formance increases” from the ap- 
pliances, Strickland said. 


= ANALYST ASSESSMENT: 
Joe Skorupa, an analyst at Gartner 
Inc. in Stamford, Conn., said the 
Big-IP ASM is unique so far in of- 
fering an integrated application 
firewall capability. But he added 
that other vendors, including Citrix 
Systems Inc., Radware Ltd. and 
Teros Inc., likely will soon follow 
suit with similar offerings. Skorupa 
said the F5 software brings a fire- 
wall inside the network core, in- 
stead of just monitoring traffic at 
network gateways. “This way, even 
those users who are inside [a net- 
work] and trusted must still pass 
through a firewall,” he said. 


= OTHER VENDORS IN THE 
MARKET: Cisco Systems Inc. The 
total market for application man- 
agement appliances will be about 
$1.5 billion this year, Skorupa said. 
“It's a very active market, and 
[these appliances] are becoming a 
core component of the data center 
architecture between applications 
and users,” he added. 


=PRICE: The Big-!P devices start 
at $34,995; the ASM software 
costs $12,500. 


@ AVAILABILITY: Now. 
~ Matt Hamblen 
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DON TENNANT 


Just Wondering 


WONDER IF you noticed a fairly short news 
piece that appeared on page 10 of last week’s 
issue. We ran it as a sidebar to Carol Sliwa’s 
story about Sun Microsystems improving the 
compatibility of its StarOffice suite with Mi- 
crosoft Office. The sidebar, headlined “Google, Sun 


Leave IT Out of Picture,” 
constituted our full print 
coverage of the collabora- 
tion the two vendors an- 
nounced at a gala news 
conference on Oct. 4. 

We had to cover the 
Sun/Google story. Any- 
thing involving Google 
tends to generate a lot 
of buzz, and chances are 
you heard that there was 
something going on be- 
tween the two companies. 

You needed to know if you need 
to care. 

As we were able to convey in 
those 12 inches of copy, you don’t. 
Tom Austin, a Gartner analyst quot- 
ed in the story, put it very succinctly. 
“The corporate IT angle is what they 
didn’t announce,” he said. “The 
deeper I dug, the less there was.” 
And as Lee Gomes of The Wall Street 
Journal noted in a great column last 
week, the announcement was “a 
model for how well-known compa- 
nies can make a major media event 
out of a nothingburger.” 

Yet it was entirely too predictable 
that some in the technology media 
would be making nothingburger 
hash last week. They served up what 
Sun and Google ordered: a mouth- 
piece to help prolong the buzz. I 
can’t say that I blame the vendors. 
Hey, if it was my job to make more 
money for my shareholders, I’d want 
there to be a lot of buzz, too. 

But as a journalist, it bothers me to 
see the technology media being used 
this way. It bothers me to see publi- 
cations so willingly give expansive, 
front-and-center coverage to a story 





like this, complete with the requisite 


ridiculous photo of Sun’s 
Scott McNealy and 
Google’s Eric Schmidt 
goofily grinning at each 
other. 
The consistent success 
IT vendors enjoy in dri- 
ving news coverage in 
the technology press is 
just maddening. Unques- 
tionably, a large part of 
our job is to cover key 
developments that take 
place on the all-too- 
garish IT vendor stage. You need to 
know what your vendors are up to 
in order to do a large part of your 
job. At Computerworld, we recognize 
that you rely on us to sift through 
the vendor hype to find those news 
nuggets you need to know about. 
That’s why we approach vendor- 
generated developments with our 
own agenda: We’re out to determine 





what, if anything, the “news” means 
to you, and to take advantage of any 
vendor access we get to address is- 
sues that are likely far more impor- 
tant to your business than whatever’s | 
being announced under the spot- 
lights. The fact that high-profile ven- 
dors stage an announcement specta- 
cle with all the showmanship and 
choreography we’ve come to expect 
simply isn’t a good enough news 
hook for us. And we’re very much 
aware that it isn’t for you, either. 
That’s why you read us. 

I wish it didn’t bother me that oth- 
ers in the technology media fall for 
this stuff, but it does. I can just pic- 
ture the PR teams at Sun and Google 
reading some of the coverage they 
got last week, and high-fiving each 
other at their success. Sometimes I 
wonder what they’re really thinking. 
I wonder if they have to chuckle at 
the way the crumbs they toss out are 
so eagerly licked up. 

But more than anything, I wonder 
why some in the tech media allow 
themselves to be used. And I wonder 
why on earth they don’t care. @ 57497 
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MICHAEL H. HUGOS 


The Rhythm 
of the 
Quarters 


UST AS FARMERS and 

people who make their 

living from the land have 

a rhythm to their lives that 
is set by the four seasons, 


so too do corporate CIOs 
(whether they know it or not). Instead 
of the four seasons, we in business 
have the four quarters. Each quarter 
has its demands and opportunities. 
Like good farmers who prosper by re- 
sponding appropriately to each season, 
CIOs make the best use of the oppor- 
tunities presented by each quarter if 
they are to prosper. 

The rhythm of the quarters isn’t 
quite as well defined as the rhythm of 
the seasons, but 
here’s my take on it 
based on my years as 
a reasonably suc- 
cessful (knock on 
wood) CIO. 

In the first quarter, 
we need to get out of 
the gate quickly and 
get started on the 
major development 
projects for the year. 

In the second 
quarter, we have to 
achieve the first 
round of project 
milestones and make 
any needed mid- 
course corrections. 

In the third quar- 
ter, new systems and 
enhancements need 
to be built and put 
into production. 

In the fourth quarter, the successful 
CIO reaps the benefits of a good har- 
vest and begins planning projects for 
the coming year. 

“Well heck, Mike,” you say, “that 
makes it seem downright obvious and 
easy.” Or you may be saying things like, 
“What is this guy talking about? Maybe 
he ought to be a farmer instead of a 
CIO.” Hear me out, though. 

In the first quarter, the CIO has 30 
days to finalize agreements with busi- 
ness executives on what IT projects 
are to be done. That means under- 
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standing the business strategy and the 
IT alignment needed to support the 
strategy. 

In the last 60 days of the first quar- 
ter, the CIO needs to see to it that proj- 
ect teams of qualified people are as- 
signed to each agreed-upon project 
and that they get off to a fast start. 
Each team has to understand the busi- 
ness goal of its project and define the 
performance requirements for the sys- 
tem it will build. The team comes up 
with a conceptual system design show- 
ing high-level business processes and 
the technology they’ll use to support 
those processes. They also do a return- 
on-investment analysis and adjust their 
conceptual design if required so the 
cost of the system doesn’t exceed the 
value of the benefits it will deliver. Al- 
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though the CIO doesn’t actually do this 
work — the team does — the CIO still 
makes sure it all gets done in a timely 
fashion. 

In the second quarter, the teams 
flesh out their conceptual designs and 
prototype the system user interface 
and technical architecture. The proto- 
types must verify that the system will 
work as expected, or the system has to 
be rethought and prototyped again. 
Then the team produces a set of de- 
tailed design specifications to build 
the system. Those design specs are the 
workflow process maps, the system 
data model, the user interface and the 
technical system architecture. The 
CIO should watch this process like a 
hawk. The CIO guides, assists and ca- 
joles the teams as necessary to keep 





them on track and on time. 

By way of analogy, when farmers 
here in the Midwest talk about their 
corn crops, they say, “It needs to be 
knee-high by the Fourth of July.” If it 
isn’t, there’s not much hope of a good 
harvest in the fall. If project teams 
haven't finished their detailed system 
design specs by the end of the second 
quarter, there isn’t much hope that 
they can deliver anything by the end of 
the third quarter or even the fourth 
quarter. 

In the third quarter, the project 
teams focus on building their systems. 
By the end of the third quarter, the 
first versions of the new systems and 
business processes should be rolling 
out to users. If this isn’t happening by 
the end of the third quarter, there 
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won't be any rewards for the CIO to 
reap in the fourth quarter. 
In the fourth quarter, the CIO as- 
| sesses the impact of the new systems 
and begins discussions with the busi- 
ness executives about what will be 
| needed next year. Year after year, I 
have seen this as a very successful pat- 
tern to follow. This is the way I run my 
farm — I mean my IT operation. I’ve 
also noticed that I have to produce a 
good harvest each year in order for 
the business to feel good about giving 
me a decent budget for the next year. 


@ 57405 
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Skills Should Decide 
Who Gets IT Jobs 


TEND TO AGREE with most of Stefan 

Steurs’ analysis of the economics of 
outsourcing [“Offshoring: A View From 
Europe,” QuickLink 55190). However, 
when he says, “True, Americans and 
Europeans sometimes lose jobs to 
these people, but aren't we overrepre- 
sented in terms of the proportion of the 
world’s IT workers to our relative popu- 
lations? Can it be called fair that we 
deny people of the largest countries in 
the world a fair share of the market?” 

I'm concerned about terms such as 
overrepresented and fairin this con- 
text. Is it fair that I've been denied the 
right to play in the NFL? Or is it just be- 
cause my skills in that area are simply 
woefully inadequate? No one has been 
“denied a fair share” of the market. 

And | believe recent history illus- 
trates that - as soon as some of these 
other countries were able to offer com- 
petitive labor, it was employed quite 
quickly, bringing us to the current dis- 
cussion. 
Christopher Meisenzahl 
Senior automation engineer, 
Lima, N.Y. 


Objectivity Regarding 
Mac Is Appreciated 


USE A MAC AT HOME and Windows 

at work, and I've seen more than 
enough “This is why Mac will never 
work in the enterprise” articles to last a 
lifetime. | found Douglas Schweitzer's 
column fair and balanced, which is re- 
freshing [“A Convert With a Crush on 





ait ait 


His Mac,” QuickLink 55803). 

| prefer to use the Mac because | find 
it more stable and user-friendly, but | 
also recognize that you want the right 
tool for the job. I'm sure you'll get some 
extremist e-mail responses (i.e., “Macs 
stink” or “Macs rule”), but it was great 
to read a real-world experience that 
wasn't biased. 
Bill King 
Senior network engineer, 
Mt. Laurel, NJ. 


Many Managers 
Obstruct Productivity 


MUST TAKE EXCEPTION to Paul 

Glen's statement about managers: 
“On the path of managerial value, you 
add more value by making others more 
productive” [“Managers’ Forum,” 
QuickLink 54660). 

| have been in IT for over 20 years, 

and | have seen few managers who 
help with productivity and many who 
are obstacles. 


| Glen J. Gasior 


Greenville, S.C. 


Boomer Mainframers 
Still Offer Expertise 


HERE ARE A LARGE NUMBER of us 
former mainframe professionals 
who endured the layoffs of the "90s and 
are still interested in working in that en- 

vironment [“Shortage of Mainframe 
Skills May Give IT Execs Gray Hairs,” 
QuickLink 55867]. 

The perception seems to be that 
young college graduates are the only 





source of these skills. Not so. Yet baby 
boomers aren't even being granted in- 
terviews. Perhaps there's an assump- 
tion that our pay requirements will be 
higher (not necessarily true) or that any 
training costs won't be recouped during 
our remaining work lives (also not true). 
After spending 16 years with IBM 
and another six with a local mainframe- 
based company here in Minnesota, | 
would welcome the opportunity to re- 
new my finely tuned mainframe net- 
work skills and expand them into main- 
frame programming for the next 15 to 
20 years, but | must await a change in 
hiring practices to loyally devote the 
rest of my working years to the vocation 
| have always loved. 
Richard Giltner 


Training specialist, Minneapolis 


Leave Organizing 
Files to Computers 


ENJOYED THE ARTICLE “Death of 

the File System: It's About Time,” by 
Geoff Barrall [QuickLink 55830], very 
much, but | think the “new” way of stor- 
ing and accessing files can be taken 
even further. 

For instance, why would a user ever 
need to specify the location of any file? 
If he can immediately gain access to it, 
who cares where it's kept? This would 
allow the operating system to intelli- 
gently organize and archive data, hope- 
fully providing a much less fragmented 
system of storage and also a more opti- 
mized disk-access subsystem. 

Also, if the contents of files can be 
searched, why make a user name a file? 
Shouldn't | just be able to type (or even 





better, speak) “Last year's tax returns” 
and have the operating system find and 
open the relevant files? 

Let the computer do what comput- 
ers do best: organize things. 
Sean Finn 
Software developer, Chicago, 
bergendog@gmail.com 


Health Records Need 
Standards for Data 


REAT ARTICLE (“Reinventing 
EHR,” QuickLink 55837], but the 
real key will be to get everyone singing 
from the same hymnal. Other than the 
VA, who is marketing software that can 
produce data files that can go from one 
facility to another using a different 
package? Other than MDS, what data 
standards are there? 
Patrick O’Shea 
IT administrator, 
Air Force Retired Officers 
Community, Falcons Landing, 
Potomac Falls, Va., 
poshea@falconslanding.org 


Why IM Shouldn’t Be 
Treated As a Problem 


HY CAN'T THESE COMPANIES 

just be truthful and say that they 
don’t want their users to have a useful 
tool that IT doesn’t control [“Sarbanes- 
Oxley Trumps IM at Some Firms,” 
QuickLink 56025}? 

There are more than enough con- 
trols and safeguards available to pre- 
vent virus infections. If you're going to 
get one from IM, then you are going to 





get one from your e-mail. Why? Be- 
cause you have not taken the steps 
necessary in a world of hackers. 

My employer runs Symantec Corpo- 
rate 10, and we've never had a problem 
from IM or e-mail. 

Ed Evans 

Microcomputer specialist, Texas 
A&M University, College Station, 
evansed@tamu.edu 


Longhorn Jokes Lost 


| With Windows Vista 


ITH LONGHORN now dubbed 

“Windows Vista” by Microsoft, 
I've lost some good jokes: A gutted 
subset for bottom-of-the-line comput- 


| ers could have been dubbed “Short- 


horn.” And a special version designed 
for PDAs, ala Windows CE, could have 
been given the name “Shoehorn.” 
Louis A. Carliner 

Masaryktown, Fla., 
Icarliner@earthlink.net 


More letters, page 28 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity 
They should be addressed to 

Jamie Eckle, letters editor, Computer- 
world, PO Box 9171, 1 Speen Street, 
Framingham, Mass. 01701 

Fax: (508) 879-4843 


| E-mail: letters@computerworld.com. 


Include an address and phone number 
for immediate verification. 


For more letters on these and other 
topics, go to 
www.computerworld.com/letters 
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OPINION 
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Instant Messaging 
Is a Moving Target 


NE POTENTIAL REASON why 

there hasn't been pushback on 
restoring instant messaging systems 
on the desktop at the companies men- 
tioned in the story “Sarbanes-Oxley 
Trumps IM at Some Firms” [QuickLink 
56025! is that the technology has 
moved on. IM is available on most cell 
phones nowadays, either directly as 
IM or indirectly via SMS. I'm going to 
guess that many IM users do their 
workday messaging through their cell 
phones rather than through a laptop. 
Winston Lawrence 
Architect, enterprise applications, 
New York 


IANA MCKENZIE, chairwoman of 

the IT group at a Chicago-based 
law firm, is quoted as saying, “You can’t 
control a phone call, so | don’t see what 
the difference is between IM and a 
phone call.” Though | agree that it’s 
hard to control the content of either, 
the practices and requirements regard- 
ing the recording and archival of phone 
vs. other electronic communications 
are well established. How many wire- 
tapping cases have been heard estab- 
lishing precedence on recording phone 
conversations? Far more than that of 
e-mail or IM recording. 

The implications of the legal require- 
ments of Sarb-Ox (and even HIPAA, 
Gramm-Leach-Bliley and others) have 
not yet been fully established in the 
courts. That alone makes sufficient dis- 
tinction when it comes to corporate de- 
cisions regarding risk and unknown 
factors. IM is one such risk that one 
may weil choose to discontinue until 
the legal environment solidifies. 

Alan Mercer 
Director of technology 
integration, Baltimore 


Responsible Firms 
Protect Their E-mail 

HE TENOR OF THE ARTICLE 

“E-mail Exposure: ls Your Company 
Liable?” [QuickLink 55572] is just one 
more indication of the lows to which we 
have sunk as a society when it comes 
to blaming others for our own mis- 
steps. Corporations should exercise 
responsibility in this area. If they use 
electronic communications of any type 
but don’t properly safeguard them- 








selves from the potential dangers (by 
using firewalls, virus protection soft- 
ware, etc.), they are more responsible 
than anyone else should a virus or 
worm be transmitted to them or their 
corporate databases. 

How much is the integrity of your 
corporate data worth? I’m proud to say 
that | work for a company that takes 
great pains to protect itself from such 
problems and has been exceedingly 
successful at doing so. 

Jim Lawrence 
QA analyst, Mechanicsburg, Pa. 


Execs Aren’t Always 
To Blame for Failures 


ACK OF EXECUTIVE SUPPORT is 
often blamed as a cause of project 
failure when in fact it's an effect of a 


| project that is already failing [“The Elu- 


sive Executive Sponsor,” QuickLink 
55508]. 

Robin F. Goldsmith 

President, Go Pro Management 
Inc., Needham, Mass., 
robin@gopromanagement.com 


How to Secure Linux, 
Unix Database Files 


ENJOYED C.J. Kelly's article “Getting 

Started on Database Security” 
[QuickLink 55461] very much. One 
thought | might add to hers on file 
privileges on Unix and Linux follows. 

When | was doing this sort of thing 
years ago (before there were any “se- 
curity manager” jobs), | secured data- 
bases and access by using the “user” 
and “group” access bits, so that all 
database files - data and executables - 
were owned by an application-specific 
ID and/or the database application 
group and were otherwise unshared. 
The SQL-running utilities (such as iSQL 
for Sybase) were strictly owned by the 
database application ID and strictly un- 
shared, with the user and group bits on. 
When the SQL utility was needed in an 
application, it was launched from with- 
in that application. 

That, combined these days with a 
robust, external user authentication 
system, would seem to secure the data 
rather well. These days, total database 
encryption is an option, although in the 
old days there was too big a perfor- 
mance price for it. 

Dick Lincoln 
Skillman, N_J. 








Hold Outsourcers 
Liable for Data 


HE ARTICLE CALLED “Report: 

Black Market Growing for Offshore 
Data” [QuickLink 56243], which de- 
tailed the compromising of Australian 
customer data by outsourcers in India, 
is very disturbing. In order to save 
money, companies appear to be willing 
to gamble on third-party outsourcers, 
be they in the same country or in a for- 
eign country. | suspect the feeling 
among many companies is that they 
can always blame someone else and 
escape penalties. This should not be 
possible. 

| would suggest that lawmakers 

around the world revise their privacy 
protection laws to hold all parties 
equally responsible. For example, if 
Megasales of Chicago contracts with 
Cheapcalls of Bangalore, India, to 
handle calls, and Cheapcalls compro- 
mises the data of Megasales cus- 
tomers in a way for which the penalty is 
$1 million, then both Megasales and 
Cheapcalls should be penalized $1 mil- 
lion. This is akin to the law related to 
accessory before the fact of a murder, 





in which all parties may be found guilty 
of murder, regardless of who pulled the 
trigger or wielded the knife. 

Joe B. Davis 

Fort Lawn, S.C., 
jbdavis@infoave.net 


Projects Need Rules 
For Regular Workers 


HAVE JUST FINISHED reading Andy 

Boynton's “Throw Out the Rules” 
[QuickLink 55578}, and | feel like | am 
back in the 1970s. | have led and been 
successful with elite teams on critical 
projects for large companies, and | 
know there are rules that are neces- 
sary for effective development and de- 
ployment of applications. Not the least 
of these is the requirement to meet 
standards for documentation of com- 
pleted work so that others not so elite 
can run, manage, change and make 
additions to the team’s work after they 
are long gone. 

These are not arbitrary rules and 
standards but are necessary if chaos is 
not to be created, as will happen if the 
teams have not incorporated links and 
business rules so that their product fits 
seamlessly into the work queue. 

By all means, do not omit the type of 
team defined in the article. But do not 
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infer, as | believe the author has done, 
that they are the be-all and end-all for 
success. Nothing could be further from 
the need to deal with the complex real 
world of the business. 

Norman H. Carter 

President and CEO, Development 
Systems International, Los 
Angeles, dsicarte@sbcglobal.net 


Mainframer Experts 


Deserve Better 


FTER READING the article “IBM, 

Users Work to Attract Young Main- 
framers” (QuickLink 56383] and the 
related “Shortage of Mainframe Skills 
May Give IT Execs Gray Hairs” [Quick- 
Link 55867], | suspect that what U.S. 
employers really want is to attract the 
younger, low-wage, entry-level type of 
employees into the mainframe world. 

In today's labor market, U.S. em- 

ployers have gotten used to exploiting 
MCSE types at $10/hour jobs and want 
the same advantage over mainframers. 
What else explains the number of vet- 
eran DP’ers and mainframers either 
underemployed or in the unemploy- 
ment line? 
Steve Youschak 
Contract consultant, Pittsburgh, 
youscs@hotmail.com 


Relational Data Storage Paradigm Is a Valid Response to Complexity 


CHEMA COMPLEXITY is a real 

problem, but it is not due to the 
relational paradigm [“Time for a New 
View of Data Management,” QuickLink 
55953]. The simple fact is that the 
domain of information managed as 
data has grown larger than the average 
IT professional can understand. No 
change in representational methods, 
data communication protocols or ana- 
lytical processing engines can reduce 
the inherent complexity of the universe 
of knowledge that today’s business 
users want to control. 

The problems created by excessive 
normalization or by incorporation of all 
known data into a single schema are 
not fundamental properties of the rela- 
tional paradigm; they are design choic- 
es made by data architects. There 
is nothing inherent in the relational 
methodology to prevent creating a 
system of understandable chunks of 
knowledge, each linked to others by 
join tables in the same way that the fact 
table of a star schema joins all the di- 
mensions in a dimensional hypercube 
data warehouse. There is also nothing 
in current relational DBMS technology 








that requires all data for all purposes to 
reside in a single database, or in multi- 
ple databases managed by a single 
DBMS instance or engine. 

There are three properties that are 
guaranteed by valid relational models 
that can’t be guaranteed any other way. 
The first is that any correctly stated 
query will resolve into some result set. 

The second is that every atomic 
fact is stored only once, so while the 
data may be incorrect, it can’t be in- 
consistent. 

The third is that if proper integrity 
constraints are used, any data once 
stored can be retrieved by a properly 
formulated query regardless of any oth- 
er data insertions, deletions or modifi- 
cations that may have occurred since 
that data was entered. No other data 
storage paradigm developed before or 
since can provide these assurances. 

XML, OLTP, Web services and all 
the other modern methods invoked by 
Curt A. Monash are not essentially pri- 
mary data storage methods. They are 
application-based approaches to data 
usage. One fundamental fact of the his- 
tory of data storage is that data itself, 





and its inherent relationships, are 10 
times more stable than the business 
uses to which it is put, the processes 
executed upon it and the applications 
used to perform those processes. 
There has to be a place to keep one real, 
certain copy of the actual, atomic infor- 
mation, regardless of how it arrived, 
where it will go and how it will be input 
and output. 

Issues of input data quality, missing 
data and security are not inherent to 
relational methods, having first arisen 
long before the relational paradigm 
was invented. Problems of complexity, 
human error, trust and the like will al- 
ways be with us, as will the need for 
protocols, procedures, training and 
skills with which to mitigate those 
problems. 

Replacing structured data storage 
with unstructured data storage will cer- 
tainly not make them go away, and it will 
certainly bring back those problems that 
we now do not have because they were 
solved by the advent of relational struc- 
tured methods. 

David P. Vernon 
Tucson, Ariz., vdpphd@qwest.net 
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With Sybase’ software, the PRC Ministry of Railways 
developed an innovative ticket sales and reservation system that: 


. passenger traffic of more than one billion people a year 


H Handles up to 5,000 ticket requests simultaneously 


[. Captures and analyzes passenger data on national, regional and local levels 


Replacing an outdated, paper-based ticketing system that supports one of the largest railway networks in the world is a monumental task. That’s why, 
when the People’s Republic of China (PRC) Ministry of Railways wanted the right technology partner, they chose Sybase. Using Sybase Adaptive Server® 


Enterprise, Sybase® IO, and Replication Server® software, the PRC created an information edge that enables passengers to purchase round-trip or 


one-way tickets from 24 regional ticket centers, 510 booking systems and over 5,000 counter terminals. That means customers are happier. Employee 


productivity is up. And trains are filled with people ...and profits. www.sybase.com/infoedge116 
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T WAS THE LATE 1990s, in the busy, boom years of 
high tech. At The Burlington Northern and Santa 
Fe Railway Co., IT employees were scrambling 
to tackle a backlog of IT projects that had accu- 
mulated during a merger that the railroad had re- 
cently completed. The joining of the Burlington 
Northern and Santa Fe railroads into BNSF had ne- 
cessitated an all-out effort to merge the two compa- 


nies’ IT systems — a huge project that IT staffers had | 


dubbed jokingly their “mission from God.” Now, 
however, they were playing catch-up with all of the 
other IT demands of the two companies — an effort 
that was threatening, they say, to become their “mis- 
sion from hell.” 

“We had to ignore the other IT needs of the mere 
mortals in the business to get the merger done,” 
says Jeff McIntyre, assistant vice president of tech- 
nology services at Fort Worth, Texas-based BNSF. 
“But we knew we would have a barrage of demand 
afterward.” 

To get a handle on the projects, McIntyre and his 





By Sue Hildreth 


staff deployed TeamPlay software from Primavera 
Software Inc. in Bala Cynwyd, Pa., to catalog all the 
projects and break them down into steps and re- 
quired resources. That project management effort 
was the first stage in BNSF’s eventual IT governance 
program. 


Why Governance? 

Project management is one of several IT manage- 
ment fields that have come together under the broad 
umbrella of IT governance. Today, governance in- 
cludes not only project management but also change 
management, application life-cycle management, as- 


set and resource management, portfolio management | 


and, often, security management. It’s essentially the 
comprehensive management of every component of 


IT operations and entails cataloging, tracking and or- | 


chestrating IT projects, processes and assets. 

The reasons for implementing IT governance are 
as varied as the category is broad. For some organiza- 
tions, IT governance is mainly driven by the need to 
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SABELLE CARDINAL 


| comply with regulations like the Sarbanes-Oxley Act. 
| It means creating audit trails and storing files in a 


more organized way. For others, IT governance is all 
about squeezing extra efficiency out of the organiza- 
tion and making sure that IT is supporting the most 

critical business needs. And for yet others, it means 

enforcing the company’s best practices. 

“It’s a very broad and fuzzy topic, but basically 
there are four elements of IT governance,” says Rob 
Dietrich, chief technology officer at MKS Inc. in 
Waterloo, Ontario. “The first is aligning IT with the 
strategic goals of the business. The second is effec- 
tive and efficient use of resources. The third is risk 
management. The fourth is visibility into the overall 
IT operation.” 

Like BNSF, many companies took their first steps 
into IT governance with project management initia- 
tives and software. Over the past several years, the 
category has grown to incorporate a growing range 
of management and technology capabilities. 

At BNSF, one of the forces driving the adoption of 
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IT governance was the need to comply with 
Sarbanes-Oxley, which mandates openness and 
audit trails in financial reporting. A private audit 
had recommended changes to BNSF’s development 
process, since many of the applications involved 
financial activities. To ensure compliance, IT man- 
agers implemented another type of tool that has 
become part of the IT governance portfolio — appli- 
cation management software. Application manage- 
ment products provide automated workflows and 
electronic sign-offs that help to enforce consistent 
and auditable development processes. BNSF chose 
tools from MKS. 

Sarbanes-Oxley “certainly had an impact on the 
application development life cycle and the need for it 
to be crisply documented, with sign-offs and so 
forth,” says McIntyre. 


Defining IT Governance Applications 
Many IT management applications claim to enable 
IT governance, mainly because there are so many IT 
functions that can benefit from governance. 

“It is an emerging market, and vendors approach it 
from different angles,” says Jason Bloomberg, an ana- 
lyst at ZapThink LLC, an IT research and consulting 
firm in Waltham, Mass. An effective, full-fledged IT 
governance product must perform four functions, he 
says. “It must provide a way for management to com- 
municate its policies. It must give rank-and-file em- 
ployees a way to implement the policies. It must give 
management visibility into whether the policies are 
being followed. And it should include mitigation 
techniques, so if there is a problem, there is a way to 
fix it,” he says. 

IT governance applications may also support one 
of the major IT best practices frameworks, such as 
the Control Objectives for Information and Related 
Technology, the Committee of Sponsoring Organiza- 
tions of the Treadway Commission’s internal control 
and enterprise risk management frameworks, or the 
Information Technology Infrastructure Library, 
which publishes best practices 
guidelines for things such 
as change management, prob- 
lem management and security 
management. 

“Don’t look at IT governance 
as just a technology solution, 
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comes from improving asset and resource manage- 
ment, says Melinda Bailou, an analyst at IDC, an IT 
research firm in Framingham, Mass. 

“There is a lot of politicization around resource al- 
location, with different groups vying for the same 
constrained resources,” she explains. “Unfortunately, 
most organizations barely have an inventory of their 
applications.” 

Pittsburgh-based Highmark Blue Cross Blue Shield 
is a case in point. With 121 applications and some 60 
million lines of Cobol and Java code, the insurance 
provider had a large investment in code and a good 
reason to want to increase component reuse. 

Last year, Highmark discovered that despite the 
existence of a component-reuse strategy for internal 
software development, programmers weren't recy- 
cling code. The reason: They simply didn’t know 
where to find these reusable components. “We have 
a component strategy, but we weren't getting the lev- 
el of reuse we expected because people didn’t have a 
place to go to find out what’s available,” says Mike 
Kronenwetter, vice president of technology manage- 
ment at Highmark. 

To provide a central library of such components, 
Highmark bought Logidex from LogicLibrary Inc. in 
Pittsburgh to house and manage its software assets. 
“Now Logidex will be the system of record for all our | 
development assets,” says Kronenwetter. 

Integris Health Inc., a not-for-profit health care 
organization in Oklahoma City, also needed better 
oversight of its IT resources. In 1999, Integris’ IT 
staff was stretched thin from handling tasks relating 
to a recent merger and was caught in a tug of war 
between competing business managers from the 
newly merged units. IT couldn’t easily prioritize 
projects because it lacked a standard process for 
doing so, and IT staffers had no standard place 
for tracking projects and storing their project 
files. When someone called in sick, a replacement 
might spend hours trying to locate needed files 
and documents. 
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So the organization decided to consolidate all of 
its IT data — everything from metadata on applica- 
tions and hardware to project budgets and employee 
time sheets — into a single database. The idea was to 
be able to analyze and report on related data more 
easily, explains Cynthia Hilterbrand, formerly direc- 
tor of IT business development and planning at Inte- 
gris. “We wanted to get our arms around things and 
track and monitor all our resources and projects,” 
she says. 

Integris didn’t stop with merely cataloging its data, 
however. Using Compuware Corp.’s Changepoint 
management software, the organization began track- 
ing IT projects and tasks and defining processes for 
all sorts of IT activities such as purchasing equip- 
ment or handling medical records. 


Automating Processes 

Like asset management, process management is an- 
other area in which IT governance can provide bene- 
fits. A corporation can define its guidelines for every 
IT activity and then code that into the workflow of 
the IT governance software. Each activity will then 
be automated so that employees can’t easily deviate 
from the prescribed process. That enables IT to bet- 
ter enforce standards on all employees, regardless 

of rank. 

“Executives wouldn’t always follow their own 
rules,” says Hilterbrand. “We needed IT governance, 
which says, ‘OK guys, these are the rules and we all 
have to play by them.’ It makes everything visible.” 

Governance software can help enforce policies by 
imposing automated workflows, checklists, status 
alerts and sign-offs. It can also provide an audit trail 
to prove whether an organization is following its 
own stated processes — something that has become 
particularly important for companies seeking to 
comply with Sarbanes-Oxley. 

The process management aspect of IT governance 
can also deliver benefits in the management of 
outsourcers. Processes inevitably differ among orga- 
nizations, and communication 
can be difficult when dealing 
with a remote IT team. 

When Tyco Fire and Security 
in Boca Raton, Fla., decided to 
install VA Software Corp.’s 
SourceForge software develop- 


but as a business framework,” 
advises Kris Lovejoy, CTO 

at Consul Risk Management 
Inc., a provider of compliance 
products and services in Hern- 
don, Va. 


Gaining Control 

As one CIO quipped, the 
biggest benefit of IT gover- 
nance at his organization is that 
“no one’s gone to jail yet.” 
There’s no doubt that comply- 
ing with Sarbanes-Oxley and 
keeping senior executives out 
of trouble is a key driver be- 
hind many IT governance proj- 
ects. Nevertheless, the greatest 
operational payback often 


IT governance isn’t just about enforcing poli- 
cies. As Jeff Mcintyre, assistant vice presi- 
dent of technology services at Burlington 
Northern and Santa Fe Railway, observes, 
governance can also help IT prove its value 
to the business side of the organization. 

The 1,100-member IT staff at BNSF care- 
fully records every hour they worked, listing 
the project and department for which the 
work was done. That information then be- 
comes part of a report card the staff has 
dubbed “Showback” - a mock form of a 
“chargeback” - that’s distributed to business 
managers to show them how they're using 
IT resources. 

“We can drill down and see how much ot 


the IT expenses were used by the marketing 
department and which applications were 
used, which people, what PCs and printers, 
the telecommunications expense, etc.,” 

says Mcintyre, who adds that the system not 
only shows business managers where the IT 
money is going but also inspires IT workers 
to make applications and IT systems perform 
more efficiently. 

“They can see now that if this module were 
tuned better, it could result in fewer hours of 
computing consumption,” says Mcintyre. 
“We've banked anywhere from $1 million to 
$2 million in savings a year in our operating 
budget over the past couple of years.” 

~ Sue Hildreth 


ment management application, 
the manufacturer of fire protec- 
tion and security products 
hoped to standardize processes 
between its offshore contract 
programmers and its in-house IT 
staff. Tyco had problems with 
projects missing deadlines, 
processes not being followed 
and quality goals not always be- 
ing met. 

“We felt it was getting nearly 
out of control,” says Kristine 
Koneck, director of global tech- 
nology services at Tyco. “We 
couldn’t keep track of what our 
outsource partner was doing.” 
Also, developers wasted a lot of 
time — as much as eight hours a 
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week — searching for work-related documents, 
she says. 

The SourceForge tool provided them with collabo- 
rative tools, a repository for storing all project files, 
and defined workflows to enforce processes and 
deadlines. Since implementation, the number of 
projects delivered on deadline has risen by 30%, 
according to Koneck. 


Toward an IT Governance Platform 

While many products within the IT governance 
arena still target only certain functions, such as proj- 
ect management or security management, a growing 
number are building or buying additional modules to 
span virtually all IT activities, uniting them under a 
single dashboard. 

For instance, Lovejoy points to BMC Software 
Inc.’s suite of products, which together cover identity 
management, asset management, application man- 
agement, event management and change manage- 
ment. Likewise, vendors such as IBM, Computer 
Associates International Inc. and Mercury Interac- 
tive Corp. also have products that can make up 
much, or all, of an IT governance suite. 

The value of having various governance tools in 
one suite is that they offer the ability to share data 
for analysis and reporting and to provide a dash- 
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FIVE OF THE DISCIPLINES INCLUDED IN IT GOVERNANCE: 


SOURCE: ZAPTHINK LLC, WALTHAM, M; 
board view into whatever combination of informa- 
tion a manager wants to see. 

The benefits of this suite approach became obvi- 
ous to Nielsen Media Research Inc. after it imple- 
mented Mercury’s IT Governance Center software 
earlier this year. New York-based Nielsen started 
with the product portfolio management component, 
then added resource management. It plans to soon 
add the demand management and program manage- 
ment components. 

Because all of these functions are components in the 
IT Governance Center suite, Nielsen can easily imple- 


ment them as needed. Moreover, managers can quickly | 


view all data pertaining to a particular product or pro- 
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gram via a central dashboard, says Christina Carbone, 
a director for quality and measurement at Nielsen. 
The company also uses Mercury’s TestDirector and 
Quality Center tools, which will be integrated with 
the demand management component for better man- 
agement of the daily production of products. 

As Carbones explains, “Having that single view of 
your portfolio, resources, demand management, test- 
ing requirements and project status — it gives you a 
single view into the total health of all of your proj- 


ects.” @ 57257 


Sue Hildreth is a freelance writer based in Waltham, 
Mass. She can be reached at Sue.Hildreth@comcast.net. 
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OKEICE 
Renova 


Microsoft's man 
in charge of Office 
takes alook at the 
desktop app from 
a developer's 
point of view. 
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Microsoft Corp. Senior 

Vice President Steven 

Sinofsky manages re- 

search and development 

for the company’s Office 

System products. He 

recently spoke with 

Computerworld’s 

Carol Sliwa about the 

=== new Office 12 release, 

which is due next year. 


What is your vision for corporate IT develop- 
ers who write enterprise applications? Are 
you trying to get more of them to use Office 
as the user interface to the applications they 
develop? For many, many years and 
many releases, corporate IT shops 
have used Office as a front end for 
their systems, whether it’s expense re- 
porting in Excel or contract prepara- 
tion in Word, or even presentation li- 
braries in PowerPoint, and certainly 
Access for tracking or for applying dif- 
ferent data sources. 

What we've heard from them is that 
much of their application development 
is moving to much bigger line-of-busi- 
ness systems. It used to be, “Build a 
quick solution using Word to do con- 
tracts that work in the department.” 
Now they want those contracts to be 
connected to the line-of-business data. 
So what we’ve done, starting with Of- 
fice 2003, is really increase the level 





of platform support for building line- 
of-business solutions. 


In what ways? Let me give you two ex- 
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amples. One is the XML file format in 
Office, which we released the specifi- 
cations for. We’ve had some of that in 
Office 2003. All the solutions that in- 
volve Office involve manipulating files 
and working with them. Today, to do 
that, you have to start up the Office 
client and manipulate the file through 
the object model. That’s very tricky 
code to write, and it’s been a source of 
engineering challenges. 

With the XML file format, you can 
actually use any standard XML tool to 
create and manipulate the information 
in the document. You could write a 
server process that, from the ether, 
synthesizes an Office document. You 
can build an XML transform that 
would take a document and extract the 
summary of it or change some of the 
properties and retarget it for another 
use. Those are the kind of things that 
people used to write a lot of code for, 
but you can now do it in a more robust 
way with the open file format. 

At the other end of the spectrum are 
examples about the whole role of using 
a server as a place to store important 
data. I visited a United Nations organi- 


databases. The problem that the IT 
group had [was] they found the same 
Access databases copied all over their 
organization, and they couldn't figure 
out which one was the definitive copy. 
What IT has lacked is a server plat- 
form to build an application on in an 
easy way. So what we’ve built with 
SharePoint is a way for end users to 
easily create those tables that they 
want to use as lists. They can use tools 
like Access for fancy reporting. And IT 
can control and manage that data out 
on SharePoint, and it scales for the en- 
terprise. That’s so much easier than 
trying to say, “What we'd really like to 
do is put it all in SQL,” because once 
they say that, they become the bottle- 
neck for getting that work done. They 
don’t have the resources for every little 
group that wants to have a database. 


Will tying applications to SharePoint be a 
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Senior vice president, Office 
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responsible for the design, implemen- 
tation and marketing of Office and 
overseeing the development of Office 
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Office 95 and Office 97. (| 


prime focus with Office 12? When you 
deploy it, you develop against it. You 
don’t just install it and use it. You’ve 
got to create a bunch of Web parts, and 
you're going to deploy the search ser- 
vice and things like that. 

We’ve really upped the platform ele- 
ments of the server functionality in 
Office 12. We have a foundation called 
Windows SharePoint Services, and 
that’s the base [application program- 
ming interface] for doing all of the 
functionality. Then [there is] a set of 
services. Each of those services repre- 
sent applications built on that API. At 
the same time, each of 
those services is itself a 
platform that people can 
write to. 

Take one example: Excel 
Services, the ability to do 
business intelligence re- 
porting from within the Office 12 sys- 
tem. By itself, it’s merely a way of ren- 
dering spreadsheets through a browser 
interface, which is neat, but unless 
there’s a developer in the picture, it 
won't do anything. A developer has to 
set up a SQL Server database that gets 
their sales information, build an ana- 
lytical processing cube to get to that 
data and then construct the model that 
in Excel connects to that data. But once 
they do that, then they just push that to 
the SharePoint site, and it’s now visible 
in a browser to everybody. Everybody 








MORE ON OFFICE 
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can reuse all that information that 
they’ve done by just pushing. They’re 
using an Excel button, or they can do 
pivoting and analysis and charts within 
the browser. 


If corporate IT developers use any Office ap- 
plication as a front end, it seems to be Excel. 
Any system that involves financial in- 
formation, no matter what front end 
they create for it, if the system is going 
to be successful, the front end has an 
“export to Excel” button. 

My first job while I was in college as 


| an intern was working in a manufac- 


turing organization. We spent all day 
during the summer getting requests for 
the reports to be sorted a different way, 
organized a different way, with a differ- 
ent set of columns or subfolders one 
way. And the truth is, that hasn’t really 
changed in terms of requests to IT. But 
what’s changed is they don’t have peo- 
ple like me sitting there waiting to hear 
that they want the data sorted a differ- 
ent way. They send a report out elec- 
tronically. It’s sitting on a Web page. 
And then you watch these poor end 
users cutting and pasting, trying to 
figure out how to get it. The best ex- 
amples of really great line-of-business 
systems export the information to 
Excel in a way that you can just say, 
“Look, I’m the field manager. I know 
what metrics are important. I’m here 
trying to figure out our supply chain. 
And if I can’t get to the data, I can’t 
make the system work better.” 

What we see time and time again, no 
matter what business intelligence sys- 
tem people are using, Excel is the most 
popular front end. There’s a lot of sys- 
tems in between, and many IT people 
hope that that’s the definitive one, that 
whatever Web page they can create is 
the one that everyone will use. But it 
_ turns out that you’re paying 
people a lot of money to 
make decisions on the in- 
formation in an organiza- 
tion, and they’re going to 
make the decisions based 
on analyzing and synthesiz- 
ing the data, combining data sources 
that the IT group didn’t think about. 

And so all of the tools out there to- 
day, SAP as an ERP system or Hyperi- 
on as a BI system, all export to Excel, 
export to Access. The most popular 
reporting language to output is RTF, 
which is a format that Word under- 
stands, because even though all that 
stuff gets dumped to Word, they still 
want to edit it and change it, and then 
it has to all end up in PowerPoint, be- 
cause someone has got to tell the boss 
what’s going on. @ 57245 
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PLM Review Needs 


| run a report on any user and 
| discover what object he 

| checked in or out and what ac- 

| tivity he accomplished. We | 
| should be able to log and audit | 
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Security Attention 


Buying a product life-cycle management 
application is an opportunity to address IP 
protection issues. By Mathias Thurman 


OR THE PAST couple of 
weeks, I’ve spent most 
of my time in meetings 
to review and select a 
new product life-cycle man- 
agement (PLM) application. 

Normally, I would just for- 
ward a copy of my guide to 
implementing secure applica- 
tions and let the project man- 
ager go to town. But I have 
been charged with protecting 
the company’s intel- 
lectual property, and 
this PLM deployment 
is critical to that 
strategic objective. 
Therefore, I wanted 
to be actively in- 
volved in assessing 
the security controls. 

For those of you security 
folks who haven't had the 
pleasure of working at a man- 
ufacturing company, PLM is 
an application that’s used to 
document and support the 
complete life cycle of a prod- 
uct, from planning through 
product maintenance. Most 
important, PLM software will 
help us manage the bills of 
materials for our products. 

I like to think of the bills of 
materials as the ingredients of 
our products, and the comput- 
er-aided design (CAD) dia- 
grams, along with supporting 
documentation, as the recipes 
for putting those products 
together. Our shopping list, 
explaining where we get our 
ingredients, is the enterprise 
resource planning element, 
which maps parts and suppli- 
ers. Some of the parts are 
common ones that we get 
from outside suppliers, while 
others are built in-house. 

The hardware that we make 
from these ingredients sells 
for upward of a million dol- 
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| lars. As you can imagine, if 

| someone were to get a hold 

| of the ingredients, recipe and 

| sourcing information and then 
| sell the information or use it 

| to build a competing product, 
we would be out a consider- 
able amount of money. 

As I already said, one of my 
objectives as security manager 
at this manufacturing compa- 
| ny is to put together a program 

for protecting our 

intellectual proper- 
ty. An element of 
this program is to 
ensure that the en- 
terprise applications 
that house our intel- 
lectual property are 
| properly written. 

In the case of the new PLM 
| application, the goal is simple: 

We need to restrict users so 
| that each one can access only 
| the information that he needs 
| to do his job, with that access 
| defined by the role the user 
| plays in the company. As many 
| of you know, this is also called 
| the “rule of least privilege.” 

As we set out to apply the 
rule of least privilege to the 
| new PLM application, we have 
| two considerations. While it’s 
important to restrict access so 
| that a user has access only to 
the parts, documents and dia- 
grams he needs to do his job, 
that same user shouldn’t be 


| like to think of the 
bills of materials as 
the ingredients of 
our products. 


| 
| 
| 





| restricted in his quest for pre- 
existing information. 

An overly restrictive ap- 
| proach will stifle creativity 
simply because users will be 
in the dark about existing in- 
formation that could be used 
in the development process. 

For example, a CAD dia- 
| gram is a series of overlays. 
| Some overlays represent com- 
mon objects that are reused 
for many of our company’s 
products. 

If I restrict access to a com- 
mon object to the point that 
an engineer doesn’t know it 
| exists, he may spend time de- 
veloping it — reinventing the 
| wheel. It’s going to take many 
months to iron out the logic 
that will be used to define the 
use of shared or common ob- 
jects. 


Big Challenges Ahead 


Today, our company’s archaic 
PLM application is wide open. 
Any user who has access can 
view any bill of materials for 
any product in the company. 
This is bad. And with the in- 
crease in offshore develop- 
ment, the chance that our in- 
tellectual property will be 
stolen is much greater. A con- 
siderable amount of work will 
be needed to figure out which 
information is common to 
which product and to properly 
define which employees need 
access to which products. 

At the same time, I’m also 
hoping to leverage our exist- 
ing Microsoft Active Directo- 
ry infrastructure and our 
single sign-on application to 
assign access based on attrib- 
utes that delineate what a user 
does for the company. It’s not 
quite identity management, 
but it'll have to do. 

In addition to the logic that 
will describe access privileges, 
there are, of course, other ap- 
plication security features that 
I have to ensure that the PLM 








product provides. 

For example, we will want 
audit logs that provide suffi- 
cient granularity so that I can 


any activity within the appli- 
cation, and the logs should be 
able to be exported to a vari- 


| ety of third-party applications 
| for reporting purposes. I like 
| the ability to export data to 


XML, so that the data can then 


| be easily incorporated into a 
| Web page. 


Administrative access also 
needs to be reviewed. Besides 
wanting sufficient levels of 
administrative access, I’d like 
to be able to incorporate a 
stronger form of authentica- 
tion, such as the two-factor au- 
thentication I’ve written about 
before. (Two-factor authent- 
ication requires something you 
have, like a token, plus some- 
thing you know, like a personal 


| identification number.) 


I also want to ensure that 
the vendor has written its ap- 


| plication securely. Many PLM 


applications are Web-based, 
which of course could open 
the door to several vulnerabil- 
ities if the developer hasn’t 
written the application with 
security in mind. I’m mainly 
referring to vulnerabilities 
such as cross-site scripting, 
SQL injection and cookie 


| tampering. 


When I asked one vendor’s 
representative if he had any 


| third-party assessments or 


other data to support the com- 
pany’s assertion that its appli- 

cation is secure, he tried to re- 
assure me by saying that the 


| application is being used at a 


U.S. defense contractor. I got a 
chuckle out of that one. So, for 
now, I'll continue interrogat- 
ing the vendors and hope that 
one will rise above the rest. D 


WHAT DO YOU THINK? 


This week's journal is written by a real securi- 
ty manager, “Mathias Thurman,” whose 
name and employer have been disguised for 
obvious reasons. Contact him at mathias_ 
thurman@yahoo.com, or join the discussion 
in our forum: QuickLink a1590 

To find a complete archive of our 


Security Manager's Journals, go online to 
@ computerworld.com/secjournal 
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The U.S. once again came out 
on top of Sophos PLC’s list of 
the top 12 spamming coun- 
tries. But the percentage of 
the world’s spam that origi- 
nated here during the past six 
months fell to 26.35% from 
41.5% in the same period last 
year. The only other countries 
contributing more than 10% of 
all spam were South Korea 
(19.7%) and China (15.7%). 
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A STROLL THROUGH THE TECHNOLOGY LANDSCAPE 


This Is Only 
A Cybertest 


Japan will conduct nationwide exercises next year 
in order to prepare effectively for 
cyberattacks on computer net- 
works, 

Mock cyberterrorists will sim- 
ulate attacks on computer net- 
works of businesses and govern- 
ment organizations to discover 
vulnerabilities, according to the 
Yomiuri Shimbunnewspaper 
and United Press International. 

Participating in the exercises 
will be financial institutions, 
communications companies 
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Tokyo is readying for cyberattack. 


| and Internet service providers, as well as the central 
| and local governments. 


Participants in the exercises will set up dummy 
Internet servers with the same content as real ones. 

Foliowing the simulated attacks, participants will 
measure computer security by gauging the time 
and work necessary for them to 
normalize their networks. 

Anincreasing number of 
companies and government 
offices in Japan have been the 
target of cyberattacks. In one re- 
cent case, Kakaku.com, Japan's 
largest Web site specializing in 
product comparison information 
for consumer goods, had to be 
shut down temporarily after its 
network was the target of an 
attack. @ 57275 


Help for FEMA 


Aresearch team led by a University of Ari- 
zona professor has found a way to improve 
maps of the western U.S. used by the Feder- 
al Emergency Management Agency to de- 
termine the amount of land area within 100- 
year flood plains. Initial results indicate that 
FEMA's current maps significantly overesti- 
mate the size of flood plains. 

The three-pronged approach combines 
anumerical computer model with data from 
satellite-image analysis and observations 
from the field. 

In addition to providing better hazard in- 
formaticn to the public, revising the flood- 
plain maps could have major economic ef- 
fects on the rapidly growing Southwest. Of- 
ten, homeowners in areas deemed to be ina 
flood plain must buy flood insurance in addi- 
tion to regular homeowner's insurance. 

To create a computer model to predict 
flood intensity, Jon D. Pelletier, an associate 
professor of geosciences at the University of 
Arizonain Tucson, used very detailed maps 
of alluvial fans, data from stream gauges and 
amathematical analysis that predicted how 
the water flowed through the numerous 
small channels on a given alluvial fan during 
agiven storm. 

For maps, Pelletier used digital elevation 
models, which are computer-generated 
maps made from low-altitude aerial pho- 
tographs that can show changes in elevation 
ofasittle a four inches. The combined 
method applies to the foothills of western 
mountain ranges such as the Santa Catali- 
nas and the Tortolitas outside Tucson. Many 
western cities, including Phoenix, Las Vegas 
and Denver, have similar foothills. 
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“We have three methods that give darn 
near the same result, and it's a way smaller 
flood plain than the model FEMA has gener- 
ally used,” Pelletier says. 

Pelletier and other researchers, including 
Larry Mayer, a University of Arizona adjunct 
professor of geosciences, and Philip A. 
Pearthree, a research geologist at the Ari- 
zona Geological Survey in Tucson, published 
their findings in the current issue of GSA Bul- 
letin, a publication of the Geological Society 
of America. 


JON D. PELLETIER. UNIVERSITY OF ARIZONA 


This computer-generated model 
shows how 1997 Tropical Storm 
Nora affected Tiger Wash in 
Arizona’s Harquahala Mountains. 
The red shows where the water 
was deepest, and the brown 
indicates upland areas that 
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U.S. Q4 Online Retail 
Sales,* 2001-2005 
(in billions and as a % increase vs. prior year) 
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Sources: 2001-2004 data: U.S. Department of 
Commerce, August 2005; 


2005 data: eMarketer Inc. estimate, September 2005 
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Seagate Releases 
New Hard Drives 


® Seagate Technology LLC has 
announced the availability of its 
Barracuda 7200.9 internal hard 
drives. The products are targeted 
at low-cost and Serial ATA 
servers, PCs, PC gaming systems 
and media PCs, according to the 
company. They have a capacity of 
up to 500GB, with 3Gbit/sec. 
throughput and native command 
queuing. Information about pric- 
ing wasn’t available. 


AirWave Upgrades 
Wireless Software 


@ AirWave Wireless Inc. intro- 
duced Wireless Management 
Platform 4.0, which it said offers 
Web-based graphical views of 
Wi-Fi networks that help desk 
staffers can use. Other features 
include wired-network-based 
rogue access-point detection. An 
introductory system that manages 
25 access points costs $3,500. 


NetApp, Kazeon 
Team for Search 


® Network Appliance Inc. last 
week announced an agreement 
with Kazeon Systems Inc. that 
Calls for the two companies to in- 
tegrate the data classification and 
search capabilities of Kazeon’s 
Information Server with NetApp 
storage systems. The Kazeon In- 
formation Server 1S1200, also 
announced last week, integrates 
with NetApp data protection and 
regulatory compliance software. 


Imation Announces 
Integration Product 


® Imation Corp. has announced 
new technology called Ulysses 
that integrates a hard disk drive 
into a standard tape cartridge for 
deployment in any tape library. 
The hardware that fits into the 
tape drive bay and reads the disk 
is expected sell for between 
$5,000 and $7,000 retail, and 
the cost of a Ulysses cartridge 
will be comparable to that of an 
LTO cartridge. 
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Addressing the Human 
Security Vulnerability 


O, YOU HAVE THE BEST FIREWALL, intru- 

sion-detection and antivirus systems technol- 

ogy has to offer. Yet, despite your Fort Knox 

approach, you're still hit with security breach- 

es and the occasional malware du jour. One 
reason for this may be the lack of motivation by your 
workers. Unlike owners, they don’t have a direct inter- 
est in the success of the company. Or do they? How far 
are they willing to go to ensure corporate success? 


Usually, not very. In fact, 
in most cases, they don’t 
put much additional effort 
into executing their duties 
— just enough to get the 
work done and retain their 
jobs. According to Ken 
Shaurette, information se- 
curity solutions manager at 
MPC Technology Solutions, 
however, “a too-often over- 
looked way to improve 
these attitudes is to include 
information security in the 
job descriptions of employ- 
ees.” When your organiza- 
tion makes security awareness and poli- 
cy compliance mandatory, the apathetic 
trend can be reversed. 

When management requires security 
policy compliance to be a key part of an 
employee’s job, interest is generated. 
An added benefit is that security be- 
comes part of the corporate culture. 
With performance reviews (hence, pos- 
sible raises) looming periodically, em- 
ployees are more apt to fit compliance 
into their daily routine. Knowing that 
they’re being graded encourages em- 
ployees to comply with policies. 

Shaurette encourages employers to 
include a wider cross section of em- 
ployees in the interview portion of se- 
curity assessment and in compliance 
reviews. These additional personnel 
will automatically gain a better aware- 
ness of security issues simply as a re- 
sult of their exposure to security pro- 
fessionals. Not only will they add their 





input as to what data 
should be gathered for 
analysis, but they’ll also 
come away with a better 
appreciation of the need for 
assessments. When they’re 
a part of the compliance re- 
view, employees “will get a 
sense of ownership of the 
final results from the as- 
sessment,” says Shaurette. 
Inclusion alone won’t 
always solve employee- 
apathy problems, however. 
Here are some other ways 
to reduce security risks cre- 
ated by employees who just don’t care. 
Monitoring. One solution that maybe 
isn’t palatable but certainly is effective 
is employee usage monitoring. Tracking 
employee PC use can result in negative 
repercussions for the company, but it’s 
one sure way to establish control over 
the network. Monitoring needs to be 
carried out in such a way that employee | 
dignity is protected — a daunting task 
because few tools are available to auto- 
mate the process. “Doing the monitor- 
ing can become a very heavy adminis- 
trative burden or require many applica- 
tion modifications that are often not 
even possible because applications are 
vendor-maintained,” says Shaurette. 
Restricted access. Limiting or retract- 
ing network access can also reduce (if 
not prevent) the impact of employee 
apathy, according to Simon Heron, 
managing director of Network Box. 
With the IT manager in control, “signa- 





tures for antivirus and antispam can be 
pushed to the gateway and to the desk- 
top from central company servers,” says 
Heron. The manager is in control of 
downloading the signatures, and the 
manufacturer can push software up- 
dates onto the gateway to ensure that 
it’s up to date. “This means that the ap- 
athetic employee can’t get in the way of 
updating their systems; it takes them 
out of the equation,” says Heron. 

Unified threat management. Heron 
points out, however, that limiting 
access may not prevent infections 
altogether. Therefore, many organiza- 
tions are turning to unified threat 
management systems. Deploying this 
type of technology restricts employee 
access to the Internet for browsing 
and using e-mail and instant messaging 
applications. 

Endpoint security. It’s important to re- 
alize that careless use of endpoint de- 
vices like laptops and handhelds is one 
of the biggest causes of compromised 
security. Recent surveys have found 
that — because of outright ignorance of 
or, even worse, apathy toward security 
— roughly a third of users don’t even 
bother using password protection on 
their devices. This, of course, leaves 
data vulnerable to hackers and other 
opportunists, especially if the devices 
are lost or stolen. Moreover, remote 
users and mobile workers have been 
known to pick up viruses and worms on 
the road, then infect the corporate net- 
work when they return to the office. 

It’s imperative that endpoint devices 
be checked for compliance with your 
network security policy. Mandate that 
all endpoint devices have the latest 
patches and antivirus software. In addi- 
tion, your policy should restrict the use 
of file-sharing and peer-to-peer appli- 
cations and require certain operating 
system, browser and application securi- 
ty settings. @ 57313 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 








Introducing Cisco plus. 


Minus the 
3Com can make 


more intelligent 


Cisco Systems, Inc. is not affiliated or associated with nor 
does it endorse the products or services of 3Com Corporation. 
Whoa! Big surprise. So yes, we do compete with Cisco. But we 


also co-exist with them as an overlay to your current network 


3com.com/AdvanceTheNetwork 


security 
VoIP 
wireless 
switching 
routing 


services 





DON’T LET 
SPYWARE 
SABOTAGE YOUR 
EM ITERPRISE. 


The next threat is no threat with Trend Micro. 


Expose and eradicate spyware with Trend Micro's Enterprise-class, multi-level, 
anti-spyware solutions. They're the only solutions that block and clean at the gateway— 
the most effective point of control. Trend Micro. #1 global leader at the gateway and 
industry pioneer. Whether it's a virus, worm, spyware, or spam, we've got you covered. 


For a FREE evaluation and IDC whitepaper, 


go to www.trendmicro.com/spyware 





1O.1Z05 


MANAGEMENT | 


OUR Ceci los 
De eu 
Ct) Uy: | a 
BOE VA emu mul ee cry 
to ROI and key business value 


REVIVAL 


IT research and development 
is making a comeback, 
but the rules have changed. 


BY DAVID GEER 


ESPITE the dot-com fallout that pulled 

the plug on IT at the end of the last mil- 

lennium, IT R&D is staging a revival. 

But today, it has a new mission, a new 

culture, broader sponsorship, a different 
profile and a new emphasis on partnerships. 


Late in the 1990s, the typical IT R&D 
mission was to move ahead to the next 
technology no matter what. Research 
often went almost directly from exper- 
imentation into production without 
proper testing, without any justifica- 


tion of the value of the technology 

to business, without plans for properly 
engineering it into the environment 
and without a design for deployment, 
says Vijay Sankaran, IT manager for 
enterprise technology at Ford Motor 





creation. 


VIJAY SANKARAN, !T MANAGEF 


Co. in Dearborn, Mich. 
“There was no formalized, architect- 
ed approach to introducing new tech- 


| nologies,” says Sankaran. This led to 
| unfocused technologies such as multi- | 
| ple company Web sites that weren't 
| even linked together, he says. 


As a result, many dot-com IT R&D 
initiatives ultimately failed. “Projects 
were late; they didn’t do as expected, 
and even if they did work as expected, 
they didn’t deliver the kind of revenue 
gains people expected,” says Martin 
Reynolds, an analyst at Gartner Inc. 

“In the dot-com days, R&D efforts 
were consistent with that period’s land- 





grab mentality,” says John Baschab, 
co-author of The Executive’s Guide to 
Information Technology (John Wiley & 
Sons, 2003). Companies were focused 
on increasing their Web real estate by 
using technologies like scalable Web 
architectures to grow their Web pres- 
ence, visual design techniques to draw 
people in and back-office systems that 
could support millions of customers, 
he says. But for the most part, these 
plans did not materialize. “IT R&D 
today focuses more on practical, prag- 
matic issues,” Baschab says. 

While today’s IT R&D still has to 
innovate fast, it also has to innovate in 





44 COMPUTERWORLD October 17, 2005 


the right way, says Sankaran. The focus 
has shifted from research for research’s 
sake to meeting business needs. 

For example, in the late 1980s and 
into the 90s, as much as 50% of the 
IT R&D budget at The Procter & 
Gamble Co. went to pure emerging- 
technology research. “Now, about 80% 
of it is spent on doing engineering 
against business problems,” says 
Robert Scott, vice president of IT and 
innovation at the Cincinnati-based 
consumer goods maker. 

Innovation has always played a criti- 
cal role at P&G, Scott says. “But as we 
looked toward the future, we knew that 
we needed IT R&D to play an even 
larger role to maintain our edge in an 
increasingly competitive marketplace. 
For that to happen, we needed to 
change how IT worked and how it in- 
tegrated with the rest of the company.” 

Other changes at the company’s 
R&D group reflect the same new 
mind-set. “We call our IT R&D group 
‘E&D’ for engineering and develop- 
ment,” explains Scott. The name im- 
plies that the group’s goal is to engi- 
neer applications for business rather 
than research emerging technologies, 
he says. 

Despite the changes, IT R&D is 
once again very alive and robust, ac- 
cording to Scott. “We have some fun- 
damental areas of breakthrough that 
we consider strategically important to 
the company,” he says. “Our research 
organization has been realigned to 
go right up against those areas and 
deliver breakthrough ideas to push 
the envelope.” 


Cultural Changes 

New R&D group cultures also demon- 
strate much tighter ties with business. 
For example, DaimlerChrysler AG in 
Auburn Hills, Mich., for example, has 

a Global Technology Council with 
members from business, IT and IT 
R&D. It meets monthly to discuss busi- 
ness unit expectations and align bud- 
gets, says Seshu Bhagavathula, director 
of technology strategy. 

R&D today is less isolated from the 
rest of the business than it was before. 
“Everybody from the chairman on 
down is sponsoring advancements in 
technology,” says Jeffrey Cohen, CIO 
at DestiNY USA, a New York-based 
shopping mall developer. “It’s actually 
our chairman who has driven us to 
having an open-source platform 
across all R&D,” he adds. “From the 
top down, everybody’s interested in 
technology [and] how it will impact 
what we do as a company.” 

Broader sponsorship means more 


| According to 
| Sankaran, one of 
| those approach- 
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brains are work- 
ing together, 
storming up 
innovative 
approaches 

to R&D. 


es is to look for 
recombination 
opportunities. 
“How do you 
take technolo- 
gies already on 
the shelf and re- 
combine them 
in such a way 
that they make 
a meaningful business impact, rather 
than looking at what may be five to 
10 years out?” Sankaran says. 

R&D groups are also forging closer 
ties with suppliers. At Daimler- 
Chrysler, for example, IT R&D not 
only measures the performance of 
strategic suppliers, but it also some- 
times affects it. 

DaimlerChrysler product managers 
participate in customer focus groups 
in the research labs of the automak- 
er’s top suppliers, suggesting features 
that they would like to see in upcom- 
ing versions of products. The product 
managers are also permanent mem- 
bers of the supplier councils, which 
schedule meetings a minimum of four 
times a year. So the product managers 
know what’s coming next from the 
vendors much sooner than they once 


In the dot- 

com days, 
R&D efforts were 
consistent with 
that period’s land- 
grab mentality. 
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JOHN BASCHAB, CO-AUTHOR OF 
THE EXECUTIVE'S GUIDE TO 
INFORMATION TECHNOLOGY 





did, according to 
Bhagavathula. 

“They may 
even have input 
into what the 
next product 
should look 
like,” Bhaga- 
vathula adds. 

In cases where 
P&G has out- 
sourced IT oper- 
ations, it lever- 
ages relation- 
ships with ven- 
dors such as 
Hewlett-Packard 
Co. and IBM to 
gain access to 
their innovation labs. “We collaborate 
aggressively to create innovations. 
That’s our standard operating proce- 
dure,” says Scott. 

These partnerships aren’t limited to 
suppliers, though. Ford collaborates 
with various consortia, as well as 
open-source development labs and 
the Internet2 initiative, according to 
Sankaran. Internet2 is the next-genera- 
tion Internet, which the government 
and universities are developing today 
in much the same way they developed 
the current Internet. 

“We’re looking for ways to take off- 
shoots of some of that research and 
apply it to near-term implementations 
rather than esoteric research,” says 
Sankaran. Ford is focusing on the per- 
sonal collaboration space and how 
voice, video, podcasting and videocast- 
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WHILE R&D STAFF TITLES are much 
eee 


contig to Rebiat Seh. i pteditt 
of IT and innovation at Procter & Gam- 
ble. “I've been with P&G for 30 years, 
and | can tell you there was a time when 
our IT R&D group was made up of the 
technical geeks who nobody could un- 
derstand and frankly didn’t want to be 
around much,” he says. “You talk with 
our R&D people today, and | bet you 
could have a conversation with them for 
an bs ni pot one Rye poet ou 


people have to submit formal research 
proposals on the technologies they are 
evaluating. They have to tell the story of 
how the technology fits in,” he says. 

According to Scott, the key difference 
in today's IT R&D teams is that they're 
considered business partners who keen- 
ly understand how their expertise serves 
business needs. 

P&G's IT R&D leaders made a deliber- 
ate effort over the past four years to bet- 
ter integrate their teams with the busi- 
ness by setting goals that aligned with 
company goals, working more directly 
with the business units and refocusing 
employees, according to Scott. “Ulti- 
mately,” he says, “our R&D folks start 
with the end in mind.” 

~ David Geer 





www.computerworld.com 


ing are going to affect the way it does 
business, Sankaran says. 

P&G, Ford and DaimlerChrysler are 
also all looking at how to use radio fre- 
quency identification technology to 
make their supply chains more effi- 
cient. “Velocity through the supply 
chain is critically important,” says Scott. 
“We have done a lot of collaborative 
work to push that envelope because we 
believe we can significantly reduce 
costs for our retail partners and us.” 


Risks and Returns 

Because of R&D’s mission and budget 
realignments, many group find that 
there are more hard ROI expectations 
now than there were in the past. “IT 
R&D was previously about technology 
for its own sake. Today, it is much 
more linked to ROI and key business 
value creation,” says Sankaran. “We 
went through this phase where we un- 
dertook too much change within our 
organization. Now we're just trying to 
figure out what’s robust, what’s scal- 
able and how we peel back some of the 
messes that we made.” 

But expectations of big returns can 
work in R&D’s favor when it comes to 
budgeting. At P&G, the widespread 
belief that IT R&D is strategically fo- 
cused on the right things has helped 
shift the focus from a concern for con- 
trolling costs to a recognition of the 
need to invest in the business. As a 
result, Scott says, the company is will- 
ing to take more risks in order to “hit 
some big home runs.” 

With all of the changes in IT R&D, 
there is one striking similarity to the 
research organizations of the 90s: 
The goal is still innovation, and people 
still believe that technology is a critical 
differentiator. 

“Companies that can embrace tech- 
nology and build it into their product 
in a more meaningful way more quick- 
ly are the ones that are going to be 
more adaptable to change,” says 
Sankaran. 

Today’s IT R&D is less about pie 
in the sky and more about innovative 
applications that serve the business 
now. It’s run like a business and for 
the business by business-minded IT 
professionals. 

“Innovation has become a fixed 
scheme, not only within our company 
but also in many companies in the 
U.S.,” says Sankaran. “That’s one of 
the key factors in the reinvigoration 
of an IT R&D organization.” @ 57190 
Geer is a freelance writer in Ashtabula, 
Ohio. You can contact him at geercom@ 
alltel.net. 
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_THE INVASION 


_DAY 3: The servers have taken over. We bought 

so many affordable ones we can’t afford the people 
to manage them. How far does this sprawl spread? 
Have they taken over the city? The planet? 

Ma, have they gotten to you, too? (Must type 

very, very quietly. They're L-I-S-T-E-N-I-N-G.) 
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Shearan Picked for 
IT Helm at Mellon 


Melion Financial Corp. in Pitts- 
burgh announced that KEVIN L. 
SHEARAN has been promoted to 
ClO. Shearan joined Mellon in 
1997 as head of a new software 
engineering group and was pro- 
moted to executive vice president 
in January 2004. Shearan previ- 
ously served as director of tech- 
nology at the Worldwide Securi- 
ties Services division of Citicorp. 


McGarry to Head IT 
At St. Jude Medical 


St. Jude Medical Inc., a manufac- 
turer of medical devices in St. 
Paul, Minn., said WILLIAM J. Mc- 
GARRY is joining the company as 
vice president of IT and CIO. 
Since 2001, McGarry has served 
as vice president of enterprise 
applications at Medtronic Inc. 
Previously, he held executive IT 
positions at General Electric Co., 
Owens Corning, Honeywell Inc. 
and The Pillsbury Co. 


Agriculture Dept. 
Names Combs CIO 


Agriculture Secretary Mike Jo- 
hanns said DAVE COMBS will 
serve as CIO for the U.S. Depart- 
ment of Agriculture. Combs previ- 
ously served as acting ClO and 
acting deputy CIO. He came to 
the office of the CIO in 2003 after 
serving as special assistant to the 
administrator of the Rural Utilities 
Service. Before that, he founded 
and owned Combs Music, an in- 
dependent record company in 
Winston-Salem, N.C. 


ClO Gluscic to Take 
On Supply Chain 


Phelps Dodge Corp. in Phoenix 
said GERALD GLUSCIC will be- 
come vice president of global 
supply chain management and in- 


formation services. Gluscic joined | 


the producer of copper and other 
metals as vice president and CIO 
in 2001. He will continue to over- 
see IT and network systems. 
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BARBARA GOMOLSKI 


UN IT LIKE A BUSINESS. I’m sure you’ve 

heard that edict a lot lately from vendors, 

consultants and fellow IT managers. It 

seems like a no-brainer. Of course it makes 

sense to run the IT function like a busi- 
ness. Many large organizations spend $50 million to 
$100 million on IT annually — that’s a decent-size busi- 
ness. Yet, there’s ample evidence that we IT types 


have been so preoccupied 
with technical issues that we 
have neglected the business 
issues of IT. Not surprising, 
really. If we were that inter- 
ested in business, we would 
have become CPAs or CEOs, 
right? 
Still, one of the reasons IT 
organizations fail to estab- 
lish credibility is that they 
lack good information about 
the business of IT — the 
kind of information IT 
systems help to provide 
for other business units. 
Without solid and accurate 
sources of data about IT sys- 
tems, people and processes, it’s impossi- 
ble for a CIO to have a meaningful con- 
versation about the business of IT. 
Granted, automation is no guarantee 
of process improvement. We need only 
look at ERP to prove that. Still, it seems 
inevitable that IT organizations are des- 
tined to take a healthy dose of their own 
medicine. 


The Wrong Information 


Most CIOs have ample information 


about the operational systems of their IT 


departments — for example, the number 
of help desk calls answered or the num- 
ber of gigabytes of storage added last 
month. The problem is that most of 
these statistics are way below the radar 
of C-level executives. 

At the same time, the kind of informa- 
tion about IT that top executives are 








seeking is simply not avail- 
able. For example, a chief 
financial officer may wish to 
determine how much the 
company spends with a par- 
ticular IT vendor. Or the 
risk officer may need a com- 
plete Sarbanes-Oxley status 
report on all IT systems. 
This kind of information is 
often essential for important 
business decisions. Increas- 
ingly, CIOs who can’t pro- 
vide this level of informa- 
tion to other parts of the 
organization will be seen 

as roadblocks to business 
success. 

All of this leads me to a question: Can 
we ever manage IT as a business if we 
refuse to automate and optimize IT man- 
agement processes with software tools? 

I don’t believe we can. In fact, I would 
argue that we will never “arrive” as IT 
managers until we have the same oppor- 
tunities for automation and data man- 
agement as the other functional heads 
within the business have had. For exam- 
ple, the accountants would be lost with- 
out their financial tools and reports; 
the same goes for human resources and 
even sales. 

Certainly, IT has some software tools 
at its disposal today. Most large organi- 
zations have made significant invest- 
ments in tools for systems and network 
management, asset management and 
configuration management, just to name 
a few. But the bulk of these tools provide 
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technical information that’s more inter- 
esting to the people within IT than to ex- 
ecutives of the corporation. We’ve really 
only scratched the surface in terms of 
how we can use technology to make our 
own jobs as IT managers easier. 


Evolving Tools 

The IT management tool landscape is 
only beginning to take shape, and there 
are lots of companies approaching from 
various starting points. Ultimately, this 
niche will include everything from start- 
ups to industry stalwarts such as Micro- 
soft, which has begun to promote its 
Project Server and .Net platform as a 
mechanism for tying together a spec- 
trum of tools for application portfolio 
management. 

Right now, many vendors are trying to 
evolve their current tools with new ca- 
pabilities aimed at helping IT managers 
take a more business-oriented approach. 
For instance, companies like Adaptive 
Networks, Evident Software, Klir Tech- 
nologies and Relicore offer tools to track 
IT asset usage and costs. In some cases, 
these tools can also be used to track the 
cost and utilization of applications. 

Just about every vendor that offers 
project and portfolio management soft- 
ware is aiming at the IT management 
tool space, hoping to extend the capabili- 
ties of existing packages to encompass 
additional technology management 
processes. 

Other vendors are building suites 
from the ground up to help IT managers 
run their businesses. ITM Software and 
Enamics both have modular suites that 
are aimed at processes such as IT finan- 
cial management and governance. 

Although IT management software is 
a nascent market, it’s one that IT leaders 
should watch carefully. The offerings 
in this market will present them with 
substantial challenges and opportunities. 


@ 57036 
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Control starts with IBM Systems. 


Control the sprawl by physically consolidating your 
servers and storage, putting more power in less space 


Control complexity by pooling systems and managing 
them from a central location. Reducing your number ot 
disconnected servers and storage 


Control costs with servers that partition virtually so 
you can do more with less on a single system. 


Control time with systems and software designed 
to dynamically manage workloads and data storage, 
helping to optimize resources. 


Control your IT destiny with IBM Systems —a range 
of innovative servers and storage that have been designed 
to make your infrastructure and your life simpler. 
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Server and storage products may require purchase of more than one product or feature to enable the virtualization capabilities. These products or features may incur an additional charge. IBM and 
the IBM logo are trademarks or registered trademarks of International Business Machines Corporation in the United States and/or other countries. © 2005 IBM Corporation. All rights reserved. 
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A lot of products claim to reduce the complexity and cost of enterprise 
pee meg backup. But one actually delivers—the Scalar® i2000, part of the growing 
iPlatform™ family from ADIC, the leading provider of tape libraries for 
open-systems backup. * 


Embedded intelligence. The Scalar i2000 is the first library to integrate 
advanced management functions—proactive monitoring, built-in partitioning, 
automated diagnostics, and |/O management—so it delivers faster and more 
reliable backup and uses less of your budget, time, and staff. 


Faster resolution, fewer service calls. Smarter diagnostics and dedicated 
service teams mean fewer interruptions and faster resolution. The Scalar 
i2000 requires half the service calls of conventional libraries. And the 
worldwide ADIC service team solves problems before customers see them. 


Capacity on demand. As its name suggests, the Scalar i2000 is designed to 
scale with your storage needs. So you don't have to worry about running out 
of space or paying for more than you need. 


After all, you were hired to use your brains for more important things. 
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Visit www.adic.com/i2k to get your free Aberdeen Group white paper: 
Taking an Intelligent Step Forward in Tape Backup and Restore 
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Intelligent Storage™ 


Available through EMC Corporation, your complete source for information lifecycle 2 
management solutions. Call your local ADIC or EMC sales representative for more information. EMC. 


Copyright 2005 Advanced Digital information Corporation (ADIC), Redmond, WA, USA. All rights reserved. Created in USA where information lives” 
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» Virtual Unity Watchful Eye 
Alberto Cruz Natal, technical manager at Storage resource management Storing Stuff 
Hunterdon Medical Center, moved the tools offer a single window Forget trying to get control over 
community hospital to a centralized storage into the storage network, all the mobile data storage devices 
architecture via a SAN and a high-end Shark allowing users to measure the inside your company. What you need 
array. This storage virtualization setup helps performance of any piece of to do is get control of the data, says 
smooth out capacity crunches. equipment. | columnist Mark Hall. 








EDITOR’S NOTE 


HEN YOU HEAR IT managers 

complain about storage 

problems — whether they 

involve maintenance, 

adding disk drives, provi- 
sioning, load balancing or backup — their 
beefs all fall into one broad category: 
storage complexity. “I define storage 
complexity as the chaos of owning and 
operating thousands of storage ele- 
ments,” says Michael Peterson, president 
and senior analyst at Strategic Research 
Corp. in Santa Barbara, Calif. 

So what can we do about that chaos? 
Various technologies have emerged that 
are supposed to help, such as storage re- 
source management (SRM), storage vir- 
tualization, object-based storage and data 
classification tools. In an unscientific au- 

dience poll at April’s Storage 
Networking World, the vast 
majority of IT managers in 
attendance said they have 
some sort of simplification 
strategy, including SRM, STORAGE 
automated precesses and 
virtualization. Only 15% of the attendees 
said storage complexity isn’t a problem — www. eniricovarrasso.com 
in their organizations. 
Our special report explains how sever- 


e 
al of these technologies can help you bat- 
tle the complexity monster. But, as usual, 
getting to that nirvana of simplicity isn’t 
going to be easy. One technology is ma- 
ture but lacks interoperability. Another 


one is immature and lacks standards. A 
third one is costly and could cause per- 


formance bottlenecks. 

I don’t mean to be a pessimist, but trav- 
eling the road to Simplification will take 
a very long time if we continue to take 
two steps forward and one step back. 


Mitch Betts is executive editor at Comput- 


erworld. Contact him at mitch_betts@ New technologies Can help you 
Ree declutter, untangle and manage 
your storage elements. 
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Storage 
Virtualization 
promises to 
smooth out 





capacity crunches. 


By Mary Brandel 


HREE YEARS AGO, Hunterdon Medical 

Center in Flemington, N,J., could claim one 

server for every two beds in its 176-bed 

facility. But for Alberto Cruz Natal, techni- 

cal manager at the community hospital, 
that was nothing to be proud of. 

“Our data center was overflowing with servers,” 
says Cruz Natal. Worse, each of those servers had its 
own direct-attached SCSI storage device. When a 
server ran out of disk space, IT either had to buy an- 
other server or manually extend the server’s storage 
partitions, a time-consuming and disruptive job. 
Meanwhile, some servers had excess capacity. 

Reconfiguring storage devices wasn’t exactly a 
chore that the IT group could afford to spend so 
much time on. The hospital was preparing to go live 
with a new clinical charting system, which precipi- 
tated a need to migrate the QuadraMed Corp. Affini- 
ty hospital information system (HIS) from its current 
platform — a 5-year-old Unix box from the former 
Digital Equipment Corp. — to a more powerful piece 


RUZ NATAL turned to storage virtualization to get a better handle on his company’s sprawling storage system. 


Virtual 

























Unity 


of hardware. The hospital had also just built a disas- 
ter recovery hot site 15 miles away, but it hadn’t yet 
formalized a strategy to vault its data to that off-site 
location. 

Ineffective capacity utilization, growing data vol- 
umes, labor-intensive storage management, a need 
for better disaster recovery — this classic scenario 
is driving many users today to explore the world of 
storage virtualization. According to John Webster, 
founder of Data Mobility Group LLC in Nashua, 





N.H., data is growing at 60% to 80% or more per year | 


for many companies, and storage administrators are 
spending 20% to 30% of their time on volume man- 
agement tasks. It’s clear that businesses need ways to 
simplify the job of managing all this data, and storage 
virtualization claims to help. 

It does this by making physically separate and even 
heterogeneous storage arrays appear to be a single 
logical pool of storage resources, manageable from a 
central console. The goal is for data to freely flow 





among the various tiers and types of storage, depend- | 


makes heterogeneous stor- 
EVE ee ce eure ca ere meet CR ULL 
can be managed from a single console, easing administra- 
tive tasks such as backup, archiving and recovery. How- 
ever, some question the cost and potential for performance 
bottlenecks in some implementations, and nearly every- 
one agrees that vendors need to get better at integrating 
heterogeneous systems and simplifying deployment. 


ing on business needs, without disrupting the operat- 
ing environment. 

“The single most important attribute of any stor- 
age virtualization solution is the ability to mask com- 
plexity and thereby make manageable that which is 
increasingly unmanageable,” Webster says. 


Simplify, Please 

There’s nothing simple, however, about understand- 
ing all the different forms of virtualization on the 
market today and deciding which one is right for 
you. In Hunterdon Medical Center’s case, the deci- 
sion wasn’t too difficult — its value-added reseller 
proposed that it move to a centralized storage archi- 
tecture via a storage-area network (SAN). Because 
the reseller recommended moving the HIS system 
to an IBM RS/6000 (one at the hospital and one in 
the disaster recovery site), it also made sense to use 
IBM storage in the form of a high-end Shark array 
(one at the hospital and one off-site). IBM and Data- 
Core Software Corp. in Fort Lauderdale, Fla., had an 
agreement to use SANsymphony software to virtual- 
ize the Shark array, so that was added to the environ- 
ment as well. 

When this project was under way in 2003, storage 
heavy hitters IBM, Hitachi Data Systems Corp. and 
EMC Corp. weren’t touting storage virtualization 
products. But now that they are — or, in EMC’s case, 
are close to it — there are so many approaches to vir- 
tualization that it’s difficult to decide what's best for 
your environment (see chart, page 54). 

For instance, some vendors place virtualization ca- 
pabilities on the storage-array controller itself (often 
referred to as array-based virtualization), meaning 
that you purchase both the storage and the virtual- 
ization capability together. Others place it on a serv- 
er (often called appliance-based virtualization) that 
sits between the application server and the storage. 
Still others choose to put it on an intelligent switch 
(called network-based virtualization) that either 
takes an “in-band” approach, where the virtualization 
commands travel the same path as the data between 
the application server and the storage array, or an 
“out-of-band” approach, where the commands and 
the data take separate paths. 

Even individual vendors offer a variety of ap- 
proaches. For example, IBM’s SAN Volume Con- 
troller (SVC) is an appliance-based system that’s also 
available in a switch-based configuration. Mean- 
while, its DS8000 is array-based, along the lines of 
Hitachi’s Universal Storage Platform. EMC’s forth- 
coming Invista is an out-of-band network-based 
Continued on page 54 














ein 





CA software manages 


transactions per day for the world’s busiest public agency. 


At peak workloads, that’s 51,448 transactions per second executed without a glitch 
when CA software automates systems and processes. If your enterprise needs to manage 


critical business transactions across platforms, around the world, with this kind of speed 


and reliability, call a CA representative at 1-888-423-1000 or visit ca.com/didyouknow. 


Simplify 
Automate 


Secure 
© 2005 Computer Associates International, Inc. (CA). All rights reserved 





COMPUTERWORLD Octeber 17, 2005 
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product, which is the newest — and some say most 

promising — type of storage virtualization. 
Although IBM’s SVC currently leads the market 

with 1,200 installations, “the market is still very 

much in a state of flux,” Webster says. 


Up in the Air 

No wonder most customers are still in evaluation 
mode with the technology. According to Tony Asaro, 
senior analyst at Enterprise Strategies Group Inc. in 
Milford, Mass., Hunterdon Medical Center is one of 
only 3,000 companies globally that have implement- 
ed storage virtualization today. 

But Cruz Natal is pretty happy that he did. At first, 
he says, DataCore was “just another part of the sys- 
tem.” Very quickly, however, it opened up a whole 
new world of possibilities. The most important, he 
says, is the ability to put any type of storage behind 
the DataCore virtualizer, including lower-end sys- 
tems based on JBOD, FAStT and Serial ATA. This 
eliminated the need to keep non-mission-critical or 
less-accessed data on the high-end Shark system or 
manually move it to less expensive disk systems. 
“We now have the flexibility to buy different types 
of storage for different types of systems and manage 
it centrally through DataCore,” he says. 

Second, administration and maintenance are much 
less costly, Cruz Natal says. With a few clicks, admin- 
istrators can create storage partitions up to 2TB for 
application servers. SANsymphony monitors the serv- 
er’s actual storage usage, enabling administrators to 
assign more storage to that disk pool on an as-needed 
basis. “We don’t have to extend the partition or create 
a new one,” he says. “We can just buy additional disk 
at a later point in time and assign it to the same pool.” 

And with a third DataCore server and a redundant 
RS/6000 server off-site, the hospital can also mirror 
data to the disaster recovery site, limiting downtime 
to a maximum of two hours. 

Some observers say technologies such as Data- 
Core’s cause performance bottlenecks because of 
their location on the network. Bernard Shen, an inde- 
pendent contractor who specializes in storage archi- 
tectures and server consolidation, argues that, given 
the cost of virtualization products and their perfor- 
mance hit, it can be just as effective in midsize envi- 
ronments to add more disk to the array rather than 
virtualize disparate arrays. 

“In environments with medium to lower high-end 
capacities, I have not seen a true need to put a virtual- 
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ization layer in place yet because of the cost and per- 
formance issues associated with it,” Shen says. Costs 
include the price of the device, training people to use 
it and licensing fees. “If you have two SANs with ITB 
each, you need to pay a license fee for 2TB,” he says. 

Shen also argues that adding a virtualization device 
adds a layer of complexity. “Vendors sell it as a single 
point of management, but that doesn’t mean it’s trans- 
parent to managers,” he says. For instance, in environ- 
ments where even the logical partitions are managed 
by the volume controller, you may not always know 
which disks are working with which servers. “You'd 
know a RAID set has failed, but you don’t know which 
application is using that RAID without looking into 
it,” Shen says. While Shen anticipates improvements 
in the technology nine to 12 months out, right now, he 
says, “I’m not sure that storage virtualization is neces- 
sarily universal for everybody.” 

Cruz Natal says the hospital doesn’t experience 
performance slowdowns because it doesn’t have a 
high volume of transactional data. “Bottom line,” he 
continues, “it doesn’t lock me into what kind of stor- 
age I use, which helps us keep costs in line, and it re- 
solves the issue of training staff to manage the sys- 
tem manually, which lowers maintenance costs.” 

At the same time, Cruz Natal says he’d like man- 
agement tools that give him dashboardlike visibility 
into things such as the status of partitioning volumes 
or the disk pool when slowdowns occur. “Better inte- 
gration of all the tools becomes more critical be- 
cause we have so many systems,” he says. 

Getting training staff to deal with this new archi- 
tecture is crucial, he says. You need at least three 
people: one who’s familiar with how the application 
servers interact with the SAN, one who understands 
the SAN fabric itself and an administrator who 
knows how to create new partitions, move volumes 
around and troubleshoot the virtualization server. 


How to Choose 
Array-based, network-based, appliance-based — the 
fact is, there’s no “best” choice for virtualizing. It all 
depends on what you're looking for. “You have to 
look at what kinds of operations that the virtualiza- 
tion device, wherever it is, can offer you as a user 
and which are most important to you,” Webster says. 
The question is, what’s your pain point? “Some 
people want to slow down their hardware spending, 
and others want to decrease their administration bud- 
get,” Asaro says. Some might want to rearchitect their 
entire storage infrastructure, while others want to im- 
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plement tiered storage in piecemeal fashion, he says. 

Despite general agreement that virtualization 
adoption will take off in the next year and a half, 
everyone agrees that the vendors have to get better 
at integrating heterogeneous systems and simplifying 
deployment. Brad O'Neill, an analyst and consultant 
at Taneja Group Inc. in Hopkinton, Mass., compares 
it to the server virtualization world. “VMware has an 
easy-to-deploy solution with a lot of flexibility,” he 
says. “It has to get to that level.” @ 56891 





Brandel is a Computerworld contributing writer 
in Newton, Mass. Contact her at marybrandel@ 
verizon.net. 
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Data 


Object-based storage 
brings order to 
dissimilar files. 

By Jennifer Jones 
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ERVING AS A SORT OF BOOT CAMP for scat- 

tered data, object-based storage techniques 

thrive in organizations that need heavy 

doses of discipline both to appease hover- 

ing regulators and strengthen internal data 
retention and retrieval methods. 

Here’s how it works: Object-based archiving tech- 
nology corrals disparate data files — documents, im- 
ages, video clips or audio files — into content “ob- 
jects” tagged with metadata to make the information 
searchable regardless of location. Also called con- 
tent-aware or content-addressable storage, the tech- 
nology is still in its infancy but is often hailed as a 
fast and easy way to pool and manage large data sets. 

Right now, object-based archiving is most popular 
in heavily regulated sectors. Particularly drawn to 
the technology are health care and financial services 
organizations grappling with complex statutes such 
as the Sarbanes-Oxley Act’s financial and accounting 
disclosure rules or the Health Insurance Portability 
and Accountability Act. 

But the appeal of object-based storage is reaching 
beyond compliance. “Rapid adoption of this technol- 





| ogy is likely among those corporations concerned 
with regulatory issues or those seeking self-imposed 
discipline,” says Galen Schreck, an analyst at For- 
rester Research Inc. 

“This technology simplifies the application of poli- 


| cies, especially those governing the 


retention of data,” he says. Schreck 
characterizes object-based storage 
as a promising alternative to 
“dumb” storage — network-attached 
storage technology, for instance 
although the technology still lacks 
standards (see story below). 

Indeed, the simplicity of technol- 
ogy is key, agrees Michael Peterson, 
president of Santa Barbara, Calif.- 
based Strategic Research Corp. 
“Complexity is the No. 1 problem of 
enterprise storage efforts,” he notes. “Fortune 1,000 
companies can easily have 300 remote sites per com- 
pany, and they have to start consolidating.” 


Management Benefit 

Providers are hustling to convince corporate buyers 
of object-based storage technology’s added value and 
ability to reduce complexity. “Compliance and legal 
discovery was a factor in selecting an object-based 
solution, but we found that it enhanced our ability to 
effectively manage storage,” says Tom La Voie, Win- 
tel support manager at Pacific Life Insurance Co. in 
Newport Beach, Calif., which uses EMC Corp.’s Cen- 
tera Compliance Edition Plus. 

The New York Botanical Garden (NYBG) is anoth- 
er example of a company looking beyond regulatory 
issues. The Bronx-based nonprofit certainly needs 
to comply with Sarbanes-Oxley provisions. But IT 
executives at the NYBG eyed object-based technol- 
ogy to improve the storage of digital assets tied to its 
collection of 7 million dried plant specimens. 

“Some of these specimens date to Lewis and Clark,” 
says Josh Freeman, NYBG’s IT director. To avoid 
shipping fragile specimens to botanical researchers, 
NYBG has built a vast digital library using the Elec- 
tronic Museum (EMu) system from KE Software in 
Vancouver, British Columbia. But NYBG officials 
hedged on using EMu’s internal storage capabilities. 
“KE is great software and a great database, but every- 
thing it stores, it stores according to its own process 
inside the application,” notes Freeman. 

Ultimately, NYBG settled on Archivas Inc.’s 
Archivas Cluster, which pulls together data stored 
throughout NYBG’s architecture — for instance, on 
FireWire hard drives, in PDF files or on DVDs. “We 
now have one large pool. That has made life easier 
because we have fewer bins that we are dropping 
data in,” Freeman says. 

Good Samaritan Community Health Care in 
Puyallup, Wash., also decided not to commit to the 
storage options found in a single application. The 
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files into content “objects.” 
Tagged with metadata, the data 
is searchable regardless of its 
location. But for now, the storage 
industry lacks standards for the 
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facility recently adopted a picture archive and com- 
munications system to generate and manage large 
image and video files. “But we decided to design 
storage services separately,” says Eric Lowe, Good 
Samaritan’s technology and operations manager. 

Using Permabit Inc.’s Permeon Compliance Store 
package, Good Samaritan was able to meet its need 
for massive storage capacity — a chest scan alone 
consumes SMB to 1OMB — and address the complex 
formulas the entire health care industry must em- 
ploy for data retention. “For example, a chest CT 
scan must be kept for a minimum of 10 years, but in 
all pediatric cases, the files must be kept three years 
past the point at which the patient 
turns 21,” Lowe explains. 

For Lowe and others struggling 
with such data-retention mandates, 
object-based storage can make life 
easier, says Forrester’s Schreck. 
“The technology simplifies the ap- 
plication of policies,” he says. Plus, 
these systems impose hardware- 
level enforcement of the policies, 
Schreck adds. 

Enforcement is critical, especial- 
ly in sectors such as financial ser- 
vices. “For e-mails and other documents to be admis- 
sible in court, you must be able to prove that items 
have not been tampered with,” says Richard Hall, 
group IT manager at Coda Financials Inc., a provider 
of accounting and procurement systems in Manches- 
ter, N.H. Coda uses Hewlett-Packard Co.’s Reference 
Information Storage System. 

Whether it’s to make a case in court or simply to 
shore up existing storage methods, object-based 
technology may well be worth a look. @ 56885 





Jones is a freelance writer in Vienna, Va. Contact 
her at jjwriterva@aol.com. 
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architectures is also increasing. 
George Rodriguez, lead systems 
programmer at ABC Distributing LLC 
in North Miami, Fla., oversees the 
catalog and online retailer’s IBM En- 
terprise Storage Server 2105 Model 
F20 storage array, which services a 
z800 mainframe as well as Unix 
servers running Oracle Financials. 
“The amount of storage available to 
the system is 4.3TB,” he says. “With- 
out an automation tool, managing this 
amount of storage would be an im- 
possible task.” 
TORAGE Is getting very Lacking tools to gain visibility into 
cheap. Even a home user and control over storage, the compa- 
can get a l1TB LaCie external | ny was running out of space, and that 
desktop drive for less than was causing delays in batch proc- 
$1,000. The bad news is essing. A year ago, Rodriguez in- 


helps keep an eye on storage 
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load by bringing several storage man- 
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face. Complex and costly when first in- 
troduced to the market, SRM is now 
simple to use. Its main challenge is a 
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hardware and software products. 


that because storage prices have fall- 
en so sharply, capacity is growing 
60% to 100% annually, so the amount 
of capacity each storage administra- 


stalled BrightStor CA-Vantage, a stor- 
age resource management (SRM) tool 
from Computer Associates Interna- 
tional Inc., to provide a common in- 


tor needs to manage is going through | terface for both the z800 and Unix 
the roof. The complexity of storage Continued on page 60 
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storage. On the z800 side, he uses the 
software to manage the storage groups 
defined in the system using the Web 
publishing scripts that come with CA- 
Vantage. He also uses it to extract data 
generated by CA's BrightStor ARC- 
serve backup utility to produce reports 
validating the backup results. Ro- 
driguez says he set up the CA-Vantage 
graphical user interface on his own in 
less than a day, without any special 
training on the product. 

“Setting up my own views took a lit- 
tle longer but was well worth the ef- 
fort,” he says. “Once you start using 
the facilities of the product, you can 
set up the same look and feel on both 
the mainframe and open-systems 
sides.” 


Simpler Storage 

SRM can improve the efficiency of 
storage use and reduce the manage- 
ment load by bringing a number of 
functions into a single interface. Some 
SRM tools are stand-alone products, 
but SRM features are also found in 
some management applications. Func- 
tions vary by product, but they can 
include data collection, backup and 
recovery, user authentication, provi- 
sioning and performance monitoring. 

“SRM is very useful as a capacity 
management tool, since it is the only 
tool that can do discovery of data char- 
acteristics for information life-cycle 
management, capacity management or, 
in some cases, change management,” 
says Michael Peterson, president of 
Strategic Research Corp. in Santa Bar- 
bara, Calif. “By themselves, they don’t 
reduce complexity, but they do offer a 
view into an area that is hard to get 
your hands around, especially for un- 
structured data.” 

In fact, while SRM tools are de- 
signed to help reduce complexity, the 
complexity of the tools themselves 
hampered early adoption. 

“In the past, SRM was trying to bite 
off too big a chunk for most to swal- 
low,” says Steve Duplessie, an analyst 
at Enterprise Strategy Group Inc. in 
Milford, Mass. “It was too expensive 
and did so many things that no one 
could really use it.” 

That’s no longer the case. According 
to figures issued by market research 
company IDC last month, the world- 
wide storage software market has ex- 
perienced double-digit growth, hitting 
$2.1 billion in the second quarter of this 
year, an 11.8% increase over the previ- 
ous year. SRM sales represented about 
one-third of that overall figure. Part of 
the growth is a result of SRM follow- 








Defining the Storage Path 


ing the path taken earlier by ERP and 
framework packages: Products are be- 
ing broken down into smaller modules. 

“Forty-five percent of larger enter- 
prises have already adopted some 
SRM somewhere in their world, and 
20% more will do so this year,” says 
Duplessie. “SRM will take off now that 
it is cheaper and simpler and geared to 
where the midmarket can afford and 
implement it.” 


Retention Policies 


Chris Meredith, manager of technical 
services at Lincare Holdings Inc., a 
$1 billion company in Clearwater, Fla., 
that provides oxygen and respiratory 
services for in-home patients nation- 
wide, says he, too, found it easy to set 
up an SRM tool. It took Meredith three 
to four hours to install the Northern 
Storage Suite from Northern Parklife 
AB in Stockholm. He uses it to manage 
4.5TB of storage at Lincare’s headquar- 
ters and another 30TB at its primary 
pharmacy facility in Kansas City, Mo. 

“With Sarbanes-Oxley and HIPAA, 
future retention of certain types of in- 
formation became more relevant, so 
we decided to take a proactive ap- 
proach,” Meredith says. “We wanted to 
start limiting users on how much stor- 
age they could use and start imple- 
menting retention policies before it 
became a problem.” 

He’s currently using the Northern 
software to limit storage shares, setting 





a 15OMB cap on users’ home directo- 
ries. When users get close to that limit, 
the SRM system sends them an e-mail 
telling them where to go to view their 
files and delete anything they no 
longer need. 

“An added benefit we have seen is 
that people no longer hoard informa- 
tion in their home directories,” says 
Meredith. “When we started putting in 
hard caps on their home directories, 
they started moving that information 
into a place such as a departmental 
share where more people can access 
that information.” 

Lincare has saved money with SRM 
by cutting down on the amount of 
storage capacity needed. Meredith has 
been able to block employees from 
saving MP3 data, for example, and as 
they move files to department shares, 
there are no longer multiple copies of 
the same document stashed in differ- 
ent home directories. He has also 
found it useful for capacity planning to 
have accurate information on what’s 
being stored. “If I hear another manag- 
er saying that he will need additional 
capacity, I can go into a meeting and 
say that I ran a report which shows 
that 60% of the data is stale,” Meredith 
says. “Rather than having to buy [stor- 
age-area network] space, we can just 
archive the data.” 

While Lincare is now using the 
Northern suite just on users’ home di- 
rectories, Meredith says he plans to 





www.computerworld.com 


use it for Exchange and database files 
as the company continues to develop 
its retention policies. 

“Overall, the software gives me a 
better snapshot of how we are using 
storage from an enterprise level,” says 
Meredith. 


Multitier Management 

Lincare uses its SRM tool to manage a 
single storage tier. Credit reporting 
firm Experian Information Solutions 
Inc., on the other hand, has more than 
115TB of three-tier storage at its data 
warehouse in Schaumburg, Ill. 

Tier 1 is EMC Corp. DMX-type disks 
holding primary databases. Tier 2 con- 
sists of EMC Clariion CX700 disks and 
146GB drives for Exchange and file 
servers and other processes that are 
less I/O-intensive than the databases. 
Tier 3 is network-attached storage 
(NAS) disks or slower ATA disks used 
for flat files or files that are being 
transferred from mainframes to dis- 
tributed computing. 

“It was tough to manage and keep 
track of how it was all allocated in or- 
der to keep the costs in check,” says 
architecture expert Ernie Demers. “It 
was a burden on our operations people 
who had to spend time manually creat- 
ing reports by going to each server to 
see which file system it had and what 
percentage was being used.” 

To cut the management load, two 
years ago, Demers had EMC install its 
ControlCenter multivendor SRM suite 
on a Dell server. And Experian recent- 
ly upgraded to Version 5.2 on its own. 
Like Meredith, he says the SRM has 
more features than his staff can use. 
But as they learn more, they'll use 
more. For example, Demers is using 
the reporting functions to allocate 
space more efficiently and to put to- 
gether the business case for buying 
more storage. But he isn’t using it to 
migrate files from tier to tier. 

“Tt wouldn’t be bad to get to that 
point in the future, where we would 
have a true well-oiled machine as 
regards tiering,” Demers says. “But 
we have a little work to do before we 
get to that point.” 

Nevertheless, the software has al- 
ready greatly cut down on the manage- 
ment workload. Experian used to have 
three to four people helping out. “Now 
we have over LIOTB managed by one 
storage admin,” he says. “That is pretty 
phenomenal considering the type of 
data we have and the different types of 
data storage.” @ 56973 


Robb is a Computerworld contributing 
writer in Los Angeles. 
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Cleanin 
Out the 


Data classification 
tools offer policy- 
based management 
of data, freeing up 
primary storage. 

By Lucas Mearian 
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ATT DECKER, an IT manag- 

er at the National Nuclear 

Security Administration, 

knew he couldn’t contin- 

ually add expensive high- 
end storage arrays to keep up with the 
agency’s 40% annual data growth rate. 
And manually deleting recycle bins 
and temp files wasn’t freeing up 
enough space. 

“When data keeps growing, you sud- 
denly become a slave to it,” he says. 

Decker wanted to see the type of 
data that was filling up his high-end 
disk, so he could rate the value of it 
and determine where and how he 
should move it to cheaper storage 
media, either online or off-line. 

Enter Mountain View, Calif.-based 
Arkivio Inc., which Decker hired two 
years ago to perform a data audit. He 
was shocked at what Arkivio found: 
The majority of the stored data was 
duplicate files, temporary files and 
e-mail attachments — 3.5TB of it. “If 
someone sent an e-mail to me with an 
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FUNC 
matically tag data prior to backup and 
use a policy engine to determine how 
to store it based on its importance to 
the business. But most of these tools 
address only unstructured data, like 
that created by e-mail and file-serving 
PY er MMLC eect 


attachment I thought was neat, I’d save 
it, and so would everyone else who got 
it,” says Decker. 

Now, using Arkivio’s Auto-xplor 
tool, Decker can automatically tag that 
data before it’s backed up and set a 
policy engine to determine how to 
store it based on its importance. 

“The software and hardware was ex- 
pensive. But the way I see it... at our 
growth rate, it was going to be that 
much more expensive later,” he says. 
“I’m looking at a material cost avoid- 
ance of close to $1 million in six years.” 





CAN YOU HANDLE ALL THE DATA THAT’S COMING YOUR WAY? 


Introducing midrange storage with high-end functionality. We know what you're up against, and it’s a lot. An explosion of data, a complex infrastructure, 
and limited resources. Our new midrange modular storage solutions help you tackle these issues and more, Three cost-effective solutions: the Network Storage 
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This sort of data classification, 
or tagging, used to be manual. But 
many start-up vendors are now selling 
tools that place agents on application 
servers to search volumes. The classi- 
fication software then creates reports 
on those volumes and places that in- 
formation in a database that can be 
searched. 

For example, data classification soft- 
ware has fields such as “date created” 
and “date last accessed” and performs 
searches based on keywords. Adminis- 
trators can then create policies that 
will determine where data should be 
stored once it’s classified. 

Companies such as Arkivio, Njini 
Inc. in London, Kazeon Systems Inc. in 
Mountain View, Calif., and StoredIQ 
Corp. in Austin have been early to 
market with software that can classify 
and store data across multiple applica- 
tions, such as e-mail and file servers. 

Carolyn Dicenzo, an analyst at Gart- 
ner Inc., says e-mail is the No. 1 offend- 
er for eating up space on primary stor- 


Controller, Adaptable Mod 
our TagmaStore platform 
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age arrays. Text files are No. 2. And 
this data can be risky to hold on to: 
When stored longer than necessary, 
e-mails can be difficult to wade 
through for legal discovery purposes 
and expose a company to litigation. 

To date, data classification vendors 
have almost exclusively offered prod- 
ucts for handling unstructured data, 
such as e-mail and text files. Structured 
data in databases doesn’t need to be 
categorized, but there’s a growing need 
to index that data so it, too, can be 
searched. The only company currently 
addressing structured data indexing is 
CopperEye Ltd. in Wiltshire, England, 
with its Greenwich software, says Steve 
Duplessie, an analyst at Enterprise 
Strategy Group Inc. in Milford, Mass. 


Compliance-driven Effort 
CDW Corp., a $5.7 billion technology 
reseller in Vernon Hills, Ill., expects 
to spend more than $1 million on the 
hardware and software needed to im- 


plement a data classification and tiered | 


storage architecture. The goal is to 
better manage up to 250TB, much of 
which is on primary storage. 

“For Fortune 500 companies, compli- 
ance issues have been a big deal for us 
this past year. All that turned our at- 
tention to records management and 
[information life-cycle management],” 
says K.C. Tomsheck, senior director of 
IT operations at CDW. 

Tomsheck began implementing the 
data classification project in June. In 
the first phase, his legal department set 
policy definitions for how to treat dif- 
ferent types of data. The project man- 
agement office classified the data in 
the second phase, and in the final 
phase, the network engineering group | 
will identify the technology to support | 
a tiered storage architecture. 

Tomsheck says the company’s pri- 
mary and backup data centers are both 
centrally located in Chicago, which 
helps tremendously in his data classifi- 
cation effort. “Databases, e-mail, file- 
shared documents, including unstruc- 
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tured data 
across two locations. That helps that 
we have data in one primary point and 
can evaluate it from there,” he says. 

The company purchased 12 EMC 
Corp. network-attached storage (NAS) 
arrays, including the Centera content- 
addressed storage array. If all goes as 
planned, about 1SOTB of data will be 
removed from primary storage arrays 
and placed onto the secondary NAS 
arrays. “We look at it as a ‘pay me now 
or pay me later’ proposition,” says 
Tomsheck, who’s hoping for a return 
on his investment in three to four 
years. 


— it all resides on storage 


Duplessie notes that the cost of data 
classification isn’t usually in the tech- 
nology itself, but rather in the time 
spent determining how to categorize 
and classify the data. 

As part of his strategy, Decker pur- 
chased an EMC Centera content- 
addressed storage array in order to 
archive e-mail and files online so end 
users can still access the data. @ 56978 


ne Workgroup Modular Storage. Each built to meet unique application requirements. Each with high-end functionality from H 2 i ACH { 
(Hitachi midrange modular storage,and how we can be your Partner Beyond Technology, visit www.hdscom/modular 


DATA SYSTEMS 





COMPUTERWORLD October 17, 2005 


Storage Vitals 
What are your greatest 
storage management needs? 


Information life-cycle 
management 


Storage resource 
management 


15% ’ 

| 
Regulatory- | Storage 
compliant archiving tools virtualization 


SOURCE: Storage Networking World audience 
survey results, April 2005. Audience members 
were polled during select sessions; registered 
attendees totaled more than 2,700. 


Storage Heavyweights 
Revenue for worldwide storage soft- 
ware in the first quarter of 2005: 


| $445M 


SOURCE: IDC Worldwide Quarterly 
Storage Software Tracker 


War Against Complexity 
Which statement best describes how 
you address storage complexity? 


Implementing new and ne 
betterSRMandSAN — “"orageaulomavon 


management processes 


Storage 


Hiring mor 
complexity is areas 


technical support 
. : 
not an issue at and implementa- 
my organization tion services 
Implementing new 
virtualization technology 


SOURCE: Storage Networking World audience 
survey results, April 2005. Audience members 
were polled during select sessions; registered 
attendees totaled more than 2,700. 
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MARK HALL 


Storing Stu 


LL END USERS HAVE lots of different stuff on their computers. And data stor- 
age managers should have a plan for every bit of it. 

Sounds simple. But it’s not. If anything, it’s getting more complex, maybe 
to the breaking point, beyond where IT can have a semblance of control of its 
total corporate storage environment. 

Before you can claim to know what your data storage environment is, you need to know 
where all the information is going. Wouldn’t that fall under the vague and menacing Section 
404 of the Sarbanes-Oxley Act, which calls for having “internal control over safeguarding 
of assets against unauthorized acquisition, use or disposition. . . .”? Yet, how can CIOs seri- 
ously tell their bosses that they have full knowledge, let alone control, over who stored 
what corporate data where? People load contact lists onto iPods, they file sales-letter 


templates on Windows mobile handhelds, they save 
sensitive e-mails on BlackBerry devices, and they keep 
who-knows-what on laptops. Some of these devices 
are issued by the company. Most are not. Some store 
only data defined by IT policy. Most store all that in- 
formation and much more. This is control? 

It’s not a very funny situation. But the 
best way to understand the scope of the 
problem is to take a lesson from one of 
George Carlin’s comic routines, “A Place for 
My Stuff.” (For those of you who have for- 
gotten the monologue, here’s a Web site 
with a refresher: www.writers-free-reference. 
com/funny/story085.htm.) 

Carlin starts off by observing that a house 
“js just a pile of stuff with a cover over it.” 

Then he says when you go on vacation, you 

pack some suitcases. “You gotta take a 

smaller version of your house,” he says. “It’s 

the second version of your stuff.” As he pro- 
gresses through the long gag, Carlin talks 

about how we use increasingly smaller and 
smaller containers for our stuff, until he gets down 
to the stuff we can, um, stuff into our pockets. 

Carlin’s containers for his “stuff” are analogous to 
the modern end user’s data repositories in today’s 
business. People are more than willing to carry less 
stuff in order to be mobile. But they definitely need at 
least some of their stuff. So, the best storage managers 
should try to accommodate how people want to tote it 
around. 

That means you need to offer multiple ways for end 
users to store mobile data. One size doesn’t fit all. 
(Seven different iPod configurations, from SOOMB to 
60GB in capacity, seem to bear this out.) Whether it’s 
the BlackBerry 7270 of today or the upcoming Nokia 
770, powerful, high-performance, high-capacity mobile 
devices are proliferating among your end users and 
outside of IT’s purview. 

As Frank Hayes wrote in “Got Gadgets?” [QuickLink 
a7280] five years ago in these pages, you can’t win 





against the tide of faster, cheaper, better mobile units 
with increasingly capacious storage systems. Don’t 
fight it. Frank’s advice is to recognize who the gadget 
freaks are and help them with their new toys, especial- 
ly when they want to connect them to corporate data 
stores on the network. He says spending a little time 
with these people upfront is better than 
having to clean up their messes later. 
Frank’s advice made perfect sense five 
years ago, when, as he wrote, you were 
dealing with Handsprings, Jornadas, 
Cassiopeias and other carcasses in today’s 
mobile market. And it’s still sound advice 
today. But I think it could use a little 
tweaking. 
Today, you have to let end users carry 
their stuff on the device of their choice. 
Whatever it is. Don’t try to create a corpo- 
rate standard. There’s no point. (Besides, 
whatever you put in their pockets today is 
the Cassiopeia of 2007.) Whatever you in- 
vest in will be superseded many times over 
by the time your chief financial officer lets you fully 
depreciate and upgrade the devices. 

No, don’t regulate the device; regulate the data- 
collection process. In the first place, the data is what 
it’s all about, not the thingamajig. And since it’s unlike- 
ly you can stop people from doing what comes natu- 
rally with their stuff, you need to persuade them to 
share it with you. 

Here’s what I suggest. Start a contest at work. Have 
people bring in any and all devices that they’ve stored 
company data on — cell phones, PDAs, thumb drives, 
everything. Have prizes for the most devices, the old- 
est device, the most data stored, the least. Whatever. 
Lots of prizes. Good ones, too, like iPod Nanos. 

Take the devices and download the corporate data 
from all of them. Give them back to your end users. 
Hold the contest every year. You'll be doing the com- 
pany a favor and making friends in the process. 


@ 56889 
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CHANGING THE LANDSCAPE OF 
BUSINESS INTELLIGENCE? 


| Integrating financial management and BI to create the first Business Performance Management system 


>ERION SYSTE 


Now you can attain performance visibility and take immediate action to solve 
business problems with the new Hyperion System 9. Built as a single modular 

a ok 5 a i i VISIBILITY. 
system, Hyperion System 9 increases productivity while reducing risk and TCO. 000 


> . - aed 7 ‘ . oO oO PERFORMANCE. 
It’s straightforward for IT to integrate with database and transaction systems. SUCCESS: 


Hyperion 


And it’s even simpler for end-users to learn and use. See the launch webcast: 


www.hyperion.com/launch 
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IT Careers: SBC Attracts Hispanic IT Pros with Opportunity 


ispanics make up 5% of the information 

technology workforce across the United States. 
SBC, formerly Southern Bell, is pushing the envelope 
to hire a workforce that reflects its customers. The 
result: 6.4% of SBC IT employees are Hispanic. 


Gary Fraundorfer, vice president-human resources, 
says that overall 13% of the company’s employees 
are Hispanic and 51% of the new hires in 2004 were 
people of color. It's no simple equation to beat the 
national odds, particularly when there has been little 
change in Hispanic representation among IT workers 
nationwide over the past six years. 


According to Information Technology Association of 
America's Diversity Study, released earlier this year, 
the data has not changed over the past five years. The 
percentage of Hispanics earning IT degrees since 
1999 remains unchanged and was, in fact, outpaced 
by non-resident aliens earning IT degrees. 


“Our future employees are members of the 
communities we serve today and, in reaching out to 
them now, we strengthen our ability to attract and 
recruit the very best,” Fraundorfer says. The company 
uses web-based recruiting tools that touch nearly 30 
different diversity sites for job seekers. “We also 
acknowledge Hispanic professional organizations as 
high potential Hispanic recruiting channels,” 


COMPUTER 
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PowerBuilder : 
Skills To WE? Iroquois 


Iroquois Pipeline Operating Company has a challenging 
position for results oriented individual with extensive experience 
in client-server system development and maintenance. Provide 
technical expertise and advice in complex systems analysis and 
design. Technologies include PowerBuilder, SCADA, Sybase 
DBMS, SQL, Unix, and Data Communications network 
protocols, components and operations. 


Requires a B.S./B.A. in CS or Engineering or related degree and 
commitment to support 24x7 operations. This position will be 
safety sensitive as defined by the US DOT and subject to random 
drug testing. 


Competitive salary and excellent benefits provided. 


Interested candidates email resume w/salary history to 
Human Resources Dept, IROQUOIS PIPELINE 
OPERATING COMPANY, One Corporate Dr, Ste 600, 
Shelton, CT 06484, Fax: 203-925-8544 
or E-mail: employment@iroquois.com 


For further information visit WWW. IROQUOIS.COM 


Equal Opportunity Employer 


Goldman Sachs & Co. 


Senior Analyst/Developer - New York, NY - Design, develop, test & imple- 
ment applications to support various divisions. Required: Bachelor's in 
Computer Science or Engineering or related field plus 5 yrs progressive 
exp in offered position or as systems analyst. Exp must include develop- 
ing data warehouse applications utilizing Sybase !Q as a Client Relation- 
ship Management application & project management exp developing & 
supporting applications utilizing Perl and Java on Unix & Windows plat- 
form. Job Code: TECH082105SAD 


AnalysUDeveloper - New York, NY - Develop real time middleware soft- 
ware components to serve data distribution platform. Required 
Bachelor's in Computer Science, Engineering, MIS or related field plus 2 
yrs exp in job offered or as software analyst. Prior exp must include devel- 
opment of operating system level components for real time infrastructure’ 
utilizing C/C++, UNIX, & TCP/IP. Job Code: TECHO81405ADNY. 


Analyst/Developer - Jersey City, NJ - Design & develop back office appli- 
cations for multiple global derivative clearing houses. Required 
Bachelor's in Computer Science, Engineering, or related field plus 1 year’ 
exp in offered position or as systems analyst. Prior exp must include uti- 
lizing MQ Series and client server architecture design. Job Code: 
TECHO080705ADNJ 


Apply: https://goldmansachs recruitmax.com/eng/candidates using “Build 
Your Profile” option. Candidates must provide salary requirements in 
“Target Compensation” fieid & specify Job Code in "Specific Type” field 
NO PHONE CALLS PLEASE 


Fraundorfer says, pointing to the Hispanic Alliance for 
Career Advancement and the National Society of 
Hispanic Professionals. The company has established 
recruiting partnerships with colleges and universities 
in Texas — UT-San Antonio, UT-Dallas, UT-Austin, 
Texas A&M, Southern Methodist, Texas State and 
Texas Tech. "We also partner with the SBC employee 
networks, such as the Hispanic Association of 
Communication Employees of SBC to reach out to the 
Hispanic community through education and training 
in various areas, from career goal-setting to resume 
writing and interviewing skills,” he adds. 


The bottom line, however, is that Fraundorfer and SBC 
look at diversity as an essential ingredient to 
business success. "We succeed when we recruit and 
hire the very best talent and give employees options 
for career development and advancement,” he says. 
"IT Services at SBC employs more than 15,000 
managers, associates and contractors, making it one 
of the largest IT organizations in the country. One out 
of every five SBC managers is an IT services 
employee.” The group provides application 
development and data center, billing and payroll 
operations for the entire enterprise from 100 cities 
across the country. The primary locations are in San 
Francisco, New Haven, Chicago, Detroit, St. Louis, 
Cleveland, Milwaukee, Dallas and Houston. 


Fixed Income Developer. Chica- 
go, IL. Responsible for writing 


(SS Consultantnet LLC, - Plains- 
boro, NJ) Software consulting 


IT Services was a key partner in winning SBC's second 
ClO Magazine Enterprise Value Award for the 
Equipment Capacity Optimization Systems network 
planning application suite. 

Recipients of Undergraduate Degrees in Computer Science, 


Engineering and Engineering Related Technologies, 2001-2002, by Race 


Non-resident 
Hispanic 5% alien 7% 


Native 
American 1 


Asian 13% 


Source: ITAA/U.S. Department of Education, National Center for Education 
Statistics, Integrated Post Secondary Education Data, fall 2002 survey 


Racial Diversity in the IT Workforce 1996-2004 


Source: ITAA/Bureau of Labor Statistics Current Population Surveys 
estimates, except for 1996 estimate of Asians in the IT workforce, which is 
National Science Foundation 


For more information about IT Careers advertising, 
please call: 800.762.2977 
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Senior Developer needed by 
Southwest Airlines Co., Dallas, 


SQL Server Database Ad- 
ministrator/Developer for 


and maintaining real-time busi- 
ness applications in C++ on 
Linux for use within the Fixed 
Income business suite. Respon- 
sible for learning the existing 
suite of applications that are 
used on the desk, understanding 
their architecture and analytics. 
and taking over the sup 
development of these applica- 
tions. Develop and deploy next 
generation applications and 
tools for fixed income to support 
the MBS, Government and FX 
trading systems. 


Qualifications include a mini- 
mum of a Bachelor's degree in 
Computer Science, Engineering 
or a related quantitative field or 
the foreign equivalent. Must 
have three (3) years of relevant 
experience. Must have prior ex- 
perience utilizing C++ in Unix/ 
Linux environment 


Qualified candidates should su- 
bmit a cover letter and resume 
job reference R-0028, to 
itjobsO028@citadelgroup.com 
Principals only need apply. 
CITADEL IS AN EQUAL OP- 
PORTUNITY EMPLOYER 


TECHNOCREST SYSTEMS. 
INC. - West Dundee, Illinois 
Seeking a Computer Support 
Specialist to provide technical 
assistance to computer systems 
users in person, via telephone or 
from remote location. Travel to 
client office work stations to han- 
die troubleshooting and repair’ 
and perform warranty services 
for DELL, Compaq, Apple and 
IBM desktop and laptop comput- 
ers. Requires Bachelor's degree 
in Computer Science or Elec- 
tronic Engineering. Send Resu- 
me to: Human Resources, 
Technocrest Systems, inc., 3125 
S. Pickwick Place, Springfield, 
MO 65804 job code: TSI0592 


company seeks Programmer 
Analysts to Analyze, Plan, Des- 
ign, Develop programs, applying 
knowledge of programming 
techniques and computer sys- 
tems. Evaluate user requests for 
new or modified computer pro- 
grams to determine feasibility, 
cost and time required, compati- 
bility with current system, and 
computer capabilities. Skills 
required: Windows, Unix, Sun 
Solaris, Linux, C, C++, VC++, 

Basic, Java 

SAS, AS400, Oracle 
forms, Oracle Financials, ASP. 
Net, VB.net, COM, DCOM, Plum 
tree, JD Edwards, Peopie Soft. 
SAP, Bachelor's Degree or 
Academic equivalent in Com 
puter Science, CIS, MIS and two 
years of experience as Systems 
Analyst, Software developer. 
required 9-5, 40 hrs/week. Send 
resume to attn: HR, email to 
brmanager@ssconsultantnet.com 


IT company in Lisle, Illinois 
seeks a Software Architect to 
architect, research, design 
and implement distributed 
application and infrastructure 
software using the Globus 
Toolkit. Will lead a small engi- 
neering team in software 
implementation and testing 
using Java and C. Require a 
BA in Computer Science or 
related engineering degree & 
5 yrs of experience in archi- 
tecture, design, and imple- 
mentation of distributed appli- 
cation and infrastructure soft- 
ware; using and implementing 
the Globus Toolkit; and exten- 
sive systems programming 
experience in Java and C 
Please email resume and 
cover letter to Bob Mandel at 
mandel@univa.com. EOE. 
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TX: Responsible for applica- 
tion development & system 
admin for web based UNIX & 
Windows applis. Requires Ma- 
sters in Electronic Commerce: 
or Comp. Science, and 3 years 
exp in application development 
& system administration for 
web applications using Docu- 
mentum, XML & J2EE. To 
apply, mail resume to Sandra 
Housouer, Southwest Airlines, 
Dept 4GC, PO Box 36611 
Dallas TX 75235; refer to Job 
#19-J on resume 


Schaumburg, IL: Will be 
responsible for complete 
life cycle of the projects 
using various skills. Bach- 
elors Degree, with 2 years 
experience required. Com- 
petitive Salary, 40 hrs. a 
week. Send resume ( 
Calls) to Attn: HR Manager, 
Integrated Business Group, 
1325 Remington Rd. Suite 
#K, Schaumburg, IL 60173- 
4815 


IT Careers editorials cover 


PTeL ae) ey 


s in the 


following industries: 


Healthcare 
Security & Defense 


Finance 


Biotech/Pharmaceutical 
Insurance 
Diversity 
Consulting 
Telecom/Wireless 
Manufacturing 
And many more.... 


Our readers include the qualified 
IT professionals that your 
company is looking for. 





For more information, 


contact us at: 
800-762-2977 
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HCFS in Addison, TX 
is seeking Web De- 
veloper. Must have 
BS in CS or MIS & 
6mo. exp. in dsgn & 
dvip web appin using 
ASP.NET; cover acc. 
from ASCHII & 
EBCDIC by ORW32 
& data junction. Fax 
resume to HR @ 
972-720-0381. 


Electronic 
Engineering Manager 


Requires Bachelor of Science 
or Engineering and 5-year 
exp. in position offered or as a 
Design Engineer or Electronic 
Engineer. Job site at 8270 
Willow Place North, Ste. B- 
150, Houston, TX 77070 
Please mail resume to Delta 
Products Corp 4405 
Cushing Parkway, Fremont 
CA 94538. Attn: R. Sahakian 


Software Eng Design, code 
test, maintain & document soft- 
ware applications for Client and 
Server sides business opera- 
tions. Requires B.S. Computer 
Science or related field; 2 yrs 
exp Computer Applications 
Developer; & knowledge of 
Struts on Client & Server sides 
(JSP with Custom Tags, Entity 
EJBs, JMS, UML & Together J) 
On call assignments 24/7 
Position in St. Louis area 
Resumes to J.V.L., Crawford 
Group, 4680 Technology Dr., St 
Charles, MO 63304 or email to 
jan.m.vitale@erac.com 
Reference job 20713 


TECHNOCREST SYSTEMS 
INC. Phillipsburg, NJ Seeking a 
Computer Support Specialist to 
provide technical assistance to 
computer systems users in per- 
son, via telephone or from 
remote location. Travel to client 
office work stations to handle 
troubleshooting and repair and 
perform warranty services for 
DELL, Compaq, Apple and IBM 
desktop and laptop computers. 
Requires Bachelor's in Electron- 
ics. Send Resume to: Human 
Resources, Technocrest Syst- 
ems, Inc. 3125 S. Pickwick 
Place, Springfield, MO 65804 
job code: TSI0740 


ATTENTION 


at 
IT Consultants 
Staffing Agencies 


Place your 
Labor 
Certification ads 
here! 
Are you frequently placir 


legallimmigratior 
advertisements? 


Le help you put together a 
cost effective program that will 
make this time-consuming 
task a little easier 


Cali 
800-762-2977 
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Computer/business professionals for permanent positions with short & 
long term assignments to various unanticipated locations throughout USA 
for software & services consulting company headquartered in Mountain 
View, CA: 


Business Development Managers 
| (BDM100) -BA in BusAdmin, Finance or Acctg. + 2 yrs exp 
It (BDM101)- BA in BusAdmin, Finance or Acctg. + 5 yrs exp 
I! (BDM102)- MBA + 2 years exp 
Business Development Managers ( ERP) 
| (BDMERP103)-BA BusAdmin or Fin/Acctg. + 2 yrs exp; exp w 
packages 
lt (BDMERP104)-BA BusAdmin or Fin/Acctg. + 5 yrs exp; exp w 
packages 
Ili (BDMERP105)- MBA + 2 yrs exp; exp w/ ERP packages 
Business Systems Analysts 
(BSA106) 2 yrs exp as BSA 
Il (BSA107)- BA Bus Adinir: or Fin/Acctg or equiv + 2 yr: 
Ill (BSA108)- BA Bus Admir: or Fin/Acctg or equiv + 5 yrs e 
IV (BSA109) MBA or MA in =in/ Acctg + 2 yrs exp as BSA 
Technical Business Systems Analysts (BSA w/technical focus 
(TBSA110) 2 yrs exp as BSA 
\| (TBSA111) BS in CS or Eng. or equiv + 2 yrs exp as BSA 
ll (TBSA112) BS in CS or Eng or equiv + 5 yrs exp as BSA 
V (TBSA113) MS in CS or Eng + 2 yrs exp as BSA 
Software Engineers 
| (SE114) BS in CS or Eng or equiv + 2 yrs exp 
Ill (SE115) BS in CS or Eng + 5 yrs exp 
\V (SE116) MS in CS or Eng + 2 years exp 
Database Administrators 
(DBA117)- BS in CS or Eng or equiv + 2 yrs exp 
lt (DBA118)-BS in CS or Eng + 5 yrs exp 
Data Warehouse Architects (develop data mode 
mart/warehouse) 
| (DWA121)-BS in CS or Eng or equiv +2 yrs exp 
Il (DWA120)-BS in CS or Eng +5 yrs exp 
V (DWA119)-MS in CS or Eng + 2 years exp 
e-Architects (pian & monitor IT projects, provide tech 
vise team) 
| (EA124)- BS in CS or Eng or equiv +2 yrs exp 
il (EA123)-BS in CS or Eng +5 yrs exp 
IV (EA122)- MS in CS or Eng + 2 yrs exp 
ERP Technical Consultants 
(gather customer sys, eng’g, & manuf reqs; design, code & tes 
tions) 
It (ERPTC127)- BS in CS or Eng or equiv + 2 yrs exp 
Ill (ERPTC126)- BS in CS or Eng + 5 yrs exp 
IV (ERPTC125)- MS in CS or Eng +2 yrs exp 
ministrators 
(NSA128)- BS in CS or Eng or equiv +2 yrs exp 
Sales Engineers 
Il (SALES131)- BS in Eng or CS or equiv + 2 yrs exp 
Ili (SALES130)- BS in Eng, CS or Scien tific Discipline +5 yr 
Senior (SNSALES129)-MS in Eng or CS + 2 yrs 


To apply, send cover letter & resume to Recruitment Team, Wipro 
Two Tower Center Bivd., Suite 1100, East Brunswick, NJ 08816. MV 
erence job code for consideration. Unrestricted right to work 
required. EOE 


as BSA 
B 


ex 
xp as BSA 





Sr. Software Manager needed 
w/Masters* or foreign equiv. in 
Comp. Sci. or Engg or Math & 1 
yr exp. “Will accept Bach or for- 
eign equiv. & 5 yrs of progres- 
sive exp in lieu of Masters & 1 yr. 
Plan, organize, direct & coord 
projects on racle Applics 
based technologies. Dsgn & test 
custom extensions (JSP, Oracle. 
PL/SQL tools) to be used in con- 
junction w/Oracle Applics using 
SDLC principles & industry stan- 
dard OO&D techniques. Gather 
systm reqmts from clients & 
translate in the form of UML dia- 
grams & RUP documents. Sup- 
ervise 2 prgmrs. Mail resumes 
to: Optima Technology Partners 
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data warehouse applications 
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area. Resumes to J.V.L., Craw 
ford Group, 4680 Technology 
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XML, C++, Create!form for 
EDI Gentran Server for 
s, BS or BE or Equaling 
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experience required. 40 
week and competitive salary 
Requires frequent travel/willing 
to relocate. Send resume & 
salary requirements to: HR 
Manager, Synerzy Software 
Solutions Inc,1 Austin Ave, 2nd 
Floor, Iselin, NJ 08830 
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DIRECTOR, RETAIL TECHNOLOGY 


This leadership w 

* Lead various s business groups and partner with other IT 
professionals to develop technology strategies and 
solutions that provide the IT infrastructure and systems 
necessary to strengthen the capability of our retail stores. 

* Apply innovation management and intellectual horsepower 
to develop complex and high priority projects as well as 
assess the existing platform for maintenance and upgrades. 

* Have the ability to manage diverse relationships 
throughout all levels of the organization 


The successful candi should ha 
* A Bachelor’s saan and 10+ years’ experience in Retail IT 
* Project management experience in a medium-large Retail 
chain/franchise environment 
* Background in web-based technologies, systems implemen- 
tations and business acumen in the Retail industry. 
* Knowledge of networking and multi-technology 
platforms 
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warehouse and 3+ years Business Objects exp. 
DATA WAREHOUSE DEVELOPER - 4 - 6 years Informatica 
ETL developer on Unix Oracle RDBMS platform 
DATABASE ADMINISTRATOR - 5+ years experience in 
Oracle and Microsoft SQL 
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Windows XP and Windows 2000 Professional Workstation 
SR. IT PROJECT MANAGEMENT ANALYST - 5 years 
hands-on experience in advanced project management for 
small to large projects; customer relationship management 
skills needed 
SECURITY ADMINISTRATOR - 5-7 years experience 
including Unix, Oracle, Windows 2000 Workstation/ 
Windows 2000 / 2003 Server, and Windows XP 


For consideration, please apply on-line to 


www.BenjaminMoore.com 
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Inc., Attn: Laura Sheehy, 12 40-hr work week. Please 
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Shelton, CT 06484. No calis careers@srcp.com and refer 
please ence job code 621726 
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that the Red Cross has also in- 
stalled intrusion-prevention 
technology on “riskier seg- 
ments” of its network perime- 
ter to provide additional pro- 
tection against attacks. 

Satish Ajmani, CIO of Santa 
Clara County in California, 
said the county government 
was “aggressively” testing and 
deploying the patches from 
Microsoft. 

“We are a very large and 
distributed organization, and 
we used to take several days to 
roll out patches,” Ajmani said. 
But outbreaks such as the Zo- 
tob worm have “heightened 
awareness and understanding” 
of the need for more-effective 
patching strategies among 
county officials, he added. 

Immunity Inc., a Miami- 
based security research firm, 
on Wednesday released a 
proof-of-concept exploit tak- 
ing advantage of a flaw in the 


1 Unchecked buffer in MSDTC: 
rated “critical” on Windows 
2000 and “important” on 
Windows XP SP1 and Windows 
Naa allem 


‘ Flaw in the process that 
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Unchecked buffer in Micro- 
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Windows Server 2003. 


Microsoft Distributed Trans- 
action Coordinator (MSDTC) 
service within Windows 2000. 
The flaw, which some analysts 
described as being relatively 
easy to exploit, could allow at- 





New MySQL Version Adds 
Enterprise Capabilities 


BY JAMES NICCOLAI 

MySQL AB is eyeing a Novem- 
ber release for Version 5.0 of 
its open-source database, a 
major upgrade that the com- 
pany hopes will help it be- 
come a realistic alternative for 
corporate users. 

If all goes well with the lat- 
est test release of the software, 
Version 5.0 should ship next 
month, said Kaj Arno, vice 
president of community rela- 
tions at Uppsala, Sweden- 
based MySQL. 

MySQL 5.0 adds a handful of 
enterprise-oriented features 
— such as triggers, views and 
stored procedures — that have 
long been available from data- 
base market leaders Oracle 
Corp., IBM and Microsoft 
Corp. 

Nonetheless, analysts are 
skeptical that the new version 
has advanced enough to gain 
widespread interest from cor- 
porate IT managers. Gary Bar- 
nett, an analyst at London- 


| based research company Ovum 
Ltd., said that while MySQL is 
adding some basic enterprise 
features, Oracle, IBM and even 
Microsoft continue to offer ca- 
pabilities that keep their prod- 
ucts far ahead of the open- 
source database Still, MySQL 5 
elevates the open-source soft- 
ware into the class of a “true 
database,” said Barnett. 

Therefore, more indepen- 
dent software vendors will 
| likely embed it in their prod- 
ucts, leading to deployments 
in new environments, he said. 
“They are much more credible 
now for ERP and for transac- 
tion-based applications,” Bar- 
nett added. 

In fact, though no ERP appli- 
cations are certified to run on 
MySQL today, David Axmark, a 
MySQL co-founder and vice 
president overseeing licensing 
and strategy, said the company 
is currently working on certifi- 
cation with SAP AG and 
Netherlands-based financial 
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tackers to take complete ad- 
ministrative control of unpro- 
tected servers. 

Justine Aitel, Immunity’s 
CEO, said the firm was able to 
develop a workable exploit of 
the flaw in just a few hours. 
Immunity released the exploit 
code to members of its partner 
program, which includes ven- 
dors of security products such 
as intrusion-detection and 
-prevention systems, so they 
could use the information to 
update their tools to protect 
against the flaw. 

In addition to the exploit 
code for the MSDTC vulnera- 
bility, Immunity has devel- 
oped proof-of-concept ex- 
ploits for two of the other 
flaws that were disclosed by 
Microsoft last week, Aitel said. 

In an e-mail comment, a 
Microsoft spokeswoman said 
that the company knew about 
the exploit code’s availability. 
But, she added, the software 
vendor “is not currently aware 
of active attacks that use this 
exploit code, or of customer 


software vendor Unit 4 Agres- 
so NV. SAP certification is like- 
ly within a year, Axmark said. 
The new version of MySQL 
also changes the way the data- 
base performs common tasks, 
making it behave more like 
other databases. The goal, offi- 
cials said, is to make it easier 
for database administrators to 
switch from other systems. 
The price for MySQL Net- 
work, the company’s subscrip- 
tion support service, for the 
new version still ranges from 
$594 to $4,806 per server per 
year, depending on the service 
level required, Axmark said. 
MySQL officials have long 
maintained the technology is 
complementary — and not 
competitive — with the enter- 
prise databases of IBM and 
Oracle. And with Version 5, 
said Axmark, MySQL still 
“won't attack the data center 
installations, but there are 
thousands of other platforms 
out there for which, in some 
cases, an enterprise database 
may be too much.” @ 57537 


Niccolai is a reporter for the 
IDG News Service. 





| impact at this time.” 


Nonetheless, similar ex- 


| ploits of the MSDTC flaw 


could quickly become widely 
available, said Neel Mehta, 
team leader of the X-Force re- 


| search team at Internet Secu- 


rity Systems Inc. in Atlanta. 
“It’s almost certain that oth- 
er hackers are working on the 
same thing right now,” Mehta 
said. He noted that apart from 
the relative ease with which 
the flaw can be exploited, the 
vulnerability presents a tempt- 


| ing target for attackers be- 


cause the MSDTC service 
runs by default on Windows 
2000 servers and can be taken 
advantage of without users 
having to take any action. 
Alfred Huger, senior direc- 
tor of engineering for Syman- 
tec Corp.’s security response 
team, said his company hadn’t 
received any reports of sys- 
tems being compromised via 
the MSDTC flaw as of Thurs- 
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day. But he warned that the 
new vulnerability presents the 
same kind of opportunity for 
malicious hackers that led to 
the Zotob outbreak, which 
caused problems at several 
large companies. 

Fenwick & West LLP man- 
aged to avoid getting hit by 
Zotob because its antivirus 
software was effective at fil- 
tering out the worm, said Matt 
Kesner, chief technology offi- 


| cer at the Mountain View, 


Calif.-based law firm. 
Nonetheless, the firm has 
sped up its patching processes 
out of concerns about similar 

outbreaks. IT staffers now 
hold a meeting “immediately 
after Microsoft releases its 
patches” on the second Tues- 
day of each month, Kesner 
said. “Then we try to test and 
get the patches out by Friday.” 
Last week, the firm finished 
deploying the new patches on 


Thursday night. @ 57539 


Microsoft Fixes 14 Flaws, 4 ‘Critical’ 


MICROSOFT last week re- 
leased a total of nine security 
updates with fixes for 14 sepa- 
rate vulnerabilities, four of which 
were given “critical” severity 
ratings by the software vendor. 

Among the critical flaws, the 
ones that evoked the most con- 
cern among security analysts 
were the vulnerability in 
MSDTC, which is used by Win- 
dows to manage database, 
messaging and file-system 
transactions, and a hole in the 
COM+ service that's built into 
the operating system to handle 
resource management tasks. 

The two flaws were detailed 
in a single security bulletin by 
Microsoft, which officially 
counted them and two that 
were less severe as just one 
vulnerability - a standard prac- 
tice that the company uses 
when one patch can fix multiple 
security holes. 

Both flaws could enable 
hackers to gain complete ad- 
ministrative control of unpro- 
tected servers and are similar 
to the vulnerability in a plug- 
and-play component of Win- 
dows 2000 that the creators of 
Zotob and its variants took ad- 


vantage of in August. 

But Russ Cooper, editor of the 
NTBugtraq newslist and a scien- 
tist at IT security vendor Cyber- 
trust Inc. in Herndon, Va., said 
via e-mail that the newly discov- 
ered vulnerabilities are unlikely to 
give would-be attackers any 
more of an opening than they al- 
ready had. “Systems 
vulnerable to an MSDTC worm 
are wide open to the Internet,” 
he said. “Such systems are ripe 
for attacks of all sorts anyway.” 

Microsoft on Friday said it was 
aware of “isolated deployment 
issues” with the patch for the 
MSDTC and COM+ flaws. The 
company was “working with the 
limited amount of customers af- 
fected to help resolve the issue,” 
a spokeswoman said via e-mail. 
It also posted a notice describing 
various system problems that 
could occur after installing the 
patch, plus workarounds for fix- 
ing them, she added. 

The SANS Institute's Internet 
Storm Center in Bethesda, Md., 
said it had heard from more than 
two dozen people who reported 
that they had problems when 
they tried to install the patch. 

~ Jaikumar Vijayan 





Computerworld’s Enterprise Management World, in conjunction with the 
Distributed Management Task Force (DMTF), proudly announced the results 
of the second annual “Best Practices in Enterprise Management” Awards 
Program. This program recognized case studies highlighting noteworthy B t p t 
solution implementation projects and deployments. i) lac ICS 
IN ENTERPRISE MANAGEMENT 


AWARDS PROGRAM 
Award Recipients in each of the following categories were recognized during an awards AWARDS PROGRAM EXCLUSIVELY SPONSORED BY 
ceremony at Enterprise Management World in Bethesda, MD, September 14th: E M C 


where information lives 
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Distributed Systems and Infrastructure implementation 
¢ Fulton County Department of Information Technology — Atlanta, Georgia 
¢ Rent-A-Center, Inc. — Plano, Texas 

Honorable Mentions: Denver Health Hospital and Medical Center - Denver, Colorado 


Iron Age Corporation - Westborough, Massachusetts 
Oklahoma Heart Hospital - Oklahoma City, Oklahoma 


Security and Risk Management 
¢ BT — New York, New York 
¢ Lehman Brothers - New York, New York 
Honorable Mentions: Forsyth County - Winston-Salem, North Carolina 


MasterCard International - O'Fallon, Missouri 
Media General - Richmond, Virginia 


industry Regulation, Compliance and Corporate Governance 


¢ The Guardian Life Insurance Company of America - New York, New York 
Honorable Mentions: Aspect Communications - San Jose, California 
Finisar - Sunnyvale, California 


Managing to Improve TCO/ROI 

¢ Countrywide Financial Corp. - Calabasas, California 

¢ SMART Communications, Inc. - Makati City, Philippines 
Honorable Mentions: Belgacom —- Brussels, Belgium 


Calpine Corporation - Houston, Texas 
Oakland County - Pontiac, Michigan 


innovation and Promise 
¢ City of Austin — Austin, Texas 
¢ Northeastern University - Boston, Massachusetts 
Honorable Mentions: Intel (in partnership with RosettaNet) - Santa Clara, California 


Kroll Ontrack Inc. - Eden Prairie, Minnesota 
The New York Botanical Garden — Bronx, New York 
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‘Tools Clamp Down on 
Spreadsheet Abuse 


New offerings can 
provide IT control 
over access to data 
BY HEATHER HAVENSTEIN 

IT shops are increasingly em- 
bracing new business intelli- 
gence tools that aim to forge a 
balance between strident user 
demands for spreadsheets and 
corporate requirements that 
financial data be consistent 
and accurate. 

Actuate Corp. this week 
plans to unveil a spreadsheet 
development environment for 
building enterprise-class sys- 
tems with customized user in- 
terfaces and strong manage- 
ment controls. 

The new Spreadsheet Ap- 
plication Platform also con- 


Continued from page I 


progress. As part of the ITIL 
process, tech-support workers 
assigned to the company’s 
help desk were retrained or 
replaced with systems analysts 
and employees who could 
probe application problems. 

Using workers with better 
skills increased GuideStone’s 
payroll costs but led to a dra- 
matic turnaround in respon- 
siveness, Sawyer said. Most IT 
problems are now resolved 
within seven minutes, she not- 
ed. Before the adoption of 
ITIL, it sometimes took more 
than a day to fix problems. 

Jim Marrs, data center man- 
ager at Austin Energy in Texas, 
said the utility started imple- 
menting ITIL this year. Marrs 
said he sees the standard as a 
framework for organizing in- 
ternal processes, “so IT is 
more focused as a service.” 

For IT staffers, that means 





tains server-managed work- 


| flow and automated write- 


back to central data stores so 
transactional systems can be 
updated to reflect user 
changes through a process 
based on rules set up by IT 
operations, according to San 
Francisco-based Actuate. 

Odom’s Tennessee Pride 
Sausage Inc. will use the Actu- 
ate release to create a spread- 
sheet application for its ERP 
system that can lock down in- 
formation that shouldn’t be 
changed. 

The tool will also allow for 
updates of Odom’s corporate 
database using authorized 
data placed into spreadsheets, 
said Michael Hader, director 
of IT at the Madison, Tenn.- 
based company. “Obviously, 


documenting their activities 
in more detail, as well as 
spelling out the steps and 
processes used to manage IT- 
related events and changes to 
systems, he added. 

ITIL was developed in the 
1980s by the U.K.’s Central 
Computer and Telecommuni- 
cations Agency and is now 
maintained by that country’s 
Office of Government Com- 
merce. The standard incorpo- 
rates suggested best practices 
across a spectrum of IT proc- 
esses and also details those 
processes while documenting 
how to manage them. 

But getting IT workers to 
change their ways isn’t always 
easy, said Slater M. Butts, di- 
rector of network services at 
Safeway Inc. in Salt Lake City. 
When it comes to standards 
such as ITIL, many IT staffers 
really “don’t like to adhere to 
them,” he said. “They just like 
to carry the banner.” 

However, Butts sees value in 


' ITIL, which Safeway’s IT op- 








this creates a much more pro- 
ductive environment for col- 
laborative analysis,” he added. 
The company, which now 

uses Actuate’s spreadsheet re- 
porting software, plans to up- 
grade to the new product soon 
after it ships this week, he said. 


Closer Ties to Office 
Fujitec America Inc., a manu- 
facturer of elevators and esca- 
lators, turned to Actuate three 
years ago when the company 
realized it could never extri- 
cate spreadsheets from the en- 
terprise system, said Rick 
Groth, CIO at the Lebanon, 
Ohio-based company. 

Since then, the company has 
used Actuate’s spreadsheet 
tools to deliver reports from 
its ERP systems in an Excel- 


eration has been deploying in 
a gradual way for the past four 
years. Having a framework for 
internal IT services “takes 
cost out of the process be- 
cause you don’t have to re- 
engineer them” whenever you 
need to make changes, he said. 
Richard Davenport, a senior 
consultant at Bridgeport, Pa.- 


Data Center 
Standards Get 
A Broader View 


CHICAGO 
AFCOM MEMBERS have al- 
ways been interested in stan- 
dards affecting things such as 
the cabling in data centers. But 
at last week's conference, there 
seemed to be growing interest in 
standards that can have a broad 
impact on IT and data center 
management - including, but 
not limited to, ITIL. 

For instance, Steve Hernan- 





compatible format. 

Groth said he is interested 
in the new platform because 
of its ability to write back to 
transactional systems. 

Eric Rogge, an analyst at 
Ventana Research Inc. in San 
Mateo, Calif., said the new 
spreadsheet tools appeal to 
companies as they look to bet- 
ter integrate BI tools and Of- 
fice applications like Excel. 
This integration will allow 
users to avoid the cut-and- 
paste process of moving infor- 
mation from corporate data 
sources into reports and other 
documents, he added. 

Meanwhile, Hyperion Solu- 
tions Corp. last week brought 
out Hyperion System 9, which 
marries the company’s BI and 
financial management soft- 
ware with a single user inter- 
face. The new version also 
provides controlled access to 
spreadsheets that can be auto- 
matically updated as autho- 
rized data from underlying 
transactional systems change, 


based Fox IT LLC, which 
helps companies implement 
ITIL, said the standard forces 
adopters to think about IT 
more as a service than as a 
collection of technologies. 

For instance, Davenport said 
that if a company’s help desk 
— or service desk, as it’s often 
called in ITIL shops — discov- 


dez, Omaha-based director of 
enterprise management and 
processing services at First Data 
Corp., is participating in an effort 
to promote the Data Center 
Markup Language. 

DCML, which is being spear- 
headed by the Organization for 
the Advancement of Structured 
Information Standards, can be 
used by IT vendors to improve 
product interoperability. The stan- 
dard allows hardware devices 
and management systems to 
work with one another, potential- 
ly improving data center manage- 
ment as well as the ability to con- 
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said John Kopcke, chief tech- 
nology officer at the Santa 
Clara, Calif.-based vendor. 

Booz Allen Hamilton Inc. is 
using a beta version of Hyper- 
ion 9 for a pilot project auto- 
mating the creation of end- 
user dashboards, said Kevin 
Cook, director of company- 
wide financial reporting sys- 
tems at the McLean, Va.-based 
consulting firm. 

Cook envisions that the new 
system will allow Booz Allen 
users to automatically update 
Microsoft PowerPoint presen- 
tations with embedded Excel 
spreadsheets that are now 
used to provide company ex- 
ecutives with details about en- 
terprise operations. 

“Now they are running some 
old reports against the data 
warehouse and dumping that 
into Excel,” Cook said. “Some- 
times they are finding errors 
and correcting the data [in the 
spreadsheet] instead of com- 
ing back to the source system 


to correct the data.” @ 57534 


ers a number of small errors, 
ITIL problem-management 
processes will trigger a search 
for larger underlying causes. 
Tech-support workers also 
can become more proactive 
and recommend new IT ser- 
vices that add value for busi- 
ness users, Davenport said. 


@ 57542 


: figure and document IT facilities. 


Although Hernandez said he 
doesn’t know how much money 


: he could save at First Data's 


seven data centers through the 
use of DCML, he sees increased 
standardization as a critical ele- 
ment of improving IT efficiency 
and cutting operating costs. 

“What I’m looking for as a user 
is for vendors to provide [DCML 
compliance] as part of their prod- 
ucts,” said Hernandez, who 
added that he hopes more users 
will join the effort to convince 
vendors to adopt the standard. 

~ Patrick Thibodeau 
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TIME WARNER CABLE 


The Point of Business 


The point of business is cost-effectively connecting enterprise resources to better serve your customers. With a wholly owned, end-to-end 
network—backed by a team of consultants working with you to develop the optimal solution tor your environment—Time Warner Cable delivers 
reliable business communications. Add to that, standard and customized SLAs, along with a full suite of data, video, and security solutions— 
including Metro Ethernet, Teleworker Solutions, Branch Office Connectivity—and you have a scalable infrastructure for sharing, information, 


reducing costs and realizing the value on your IT investment. That's the point of business. 
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FRANK HAYES #® FRANKLY SPEAKING 


R&D & TT 


NEW STUDY from Booz Allen Hamilton says there’s no 
relationship between R&D spending and business per- 
formance. Amazing, huh? And it’s true — sort of. The 
study, by Booz analysts Barry Jaruzelski, Kevin Dehoff 
and Rakesh Bordia, does report that simply spending 
lots of money on R&D doesn’t guarantee good business results — 
which is not quite the same as saying there’s no relationship be- 
tween R&D spending and performance. 
You can download the study, titled “Money Isn’t Everything,” at 
www.computerworld.com/q?a7310. Do it now — if only because 
you'll soon need to explain to your CEO what this study isn’t saying. 


Yes, I know — you're in IT, not R&D. But 
here’s how the dots connect: R&D is in the in- 
novation business. So is IT. Sure, IT also does 
operations and maintenance. But every new IT 
project is developing something new. You even 
call those new things “products,” just like the 
R&D guys do. And if spending on R&D doesn’t 
produce the desired business results, why 
should anyone expect spending on IT projects 
to work any better? 

If your CEO draws that conclusion, your 
new-projects budget is headed for the shredder. 

Fortunately, to prevent that, you have an ally: 
that same study from Booz Allen Hamilton. 

See, when these Booz analysts looked at the 
1,000 publicly traded companies that spend the 
most on R&D, they didn’t really find no connec- 
tion between spending and results. And luckily, 
their key findings make nice, simple bullet 
points for you to show your CEO: 

@ If you don’t spend enough on R&D, busi- 
ness performance suffers. 

@ If you spend too much on R&D, you won't 
get enough business performance improvement 
to justify that spending. 

®@ Nobody knows exactly how 
much is “too much.” 

@ What matters isn’t how much 
you spend, but how you spend it. 

Some companies with moderate 
R&D budgets get great results. 

Some with huge R&D budgets get 
mediocre results. The difference, as 
the Booz analysts say, is “processes, 
not pocketbooks.” 

Does this all sound blazingly ob- 
vious? Of course it does. It’s just as 
true about your car as about your 
R&D (or IT) department. Fail to 
spend enough on auto maintenance, 





and your car won't run well. Spend too much, 
or on the wrong things, and your car won’t run 
any better; you’ve wasted money. 

Then why did Booz do the study? Because it’s 
an article of faith among investors that beefing 
up R&D is a way of goosing growth. So when 
CEOs want to show investors that they’re seri- 
ous about corporate growth, they invest in R&D. 
And investors, seeing the R&D investment, fig- 
ure that means future growth, and buy in. 

But according to the Booz study, that’s a 
myth. More R&D spending doesn’t guarantee a 
return on investment. R&D is no silver bullet. 
And that myth-busting “no relationship” state- 
ment makes perfect sense — for investors. 

But not for CEOs who still have to figure out 
how to create innovation, both in R&D and in IT. 

So now you have two new items on your 
agenda. First, you want to make sure your CEO 
sees a copy of this Booz study. He’s probably al- 
ready seen the headlines; you want to make 
sure he sees the rest of it, too. 

And second, you need to dive deep into the 
study yourself. Nearly everything these analysts 
say about R&D is also true of IT. That includes 

their advice for improving product- 
development processes by listening 
to customers, betting on the right 
projects, improving development 
speed and cutting product costs. 

If you can apply that advice, you 
can become like those R&D depart- 
ments that don’t under- or over- 
spend but still get great returns on 
their innovation investments. 

And you'll create a clear relation- 
ship between your IT spending and 
business performance — no matter 
what’s going on at a thousand other 
companies. @ 57498 





ment. “Everything looks 
good,” says a pilot fish anders 
helping to set it up, “ex- : creating their own. “One 

cept they want a laptop : day, | get a message 
to run the auctions live : from a notoriously clue- 
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